The ISO 27001 legal and contractual register is used to identify which laws apply to your organisation, what contractual requirements customers have placed on you, what regulatory requirements there may be and what standards you are working towards. It is used to evidence that these have been reviewed, agreed and signed off, and to show when they will next be reviewed. All of these will inform and influence your information security management system.

ISO 27001 Annex A 5.31 Legal, statutory, regulatory and contractual requirements requires a legal register. It states:

‘Legal, statutory, regulatory and contractual requirements relevant to information security and the organization’s approach to meet these requirements should be identified, documented and kept up to date.’

ISO 27001 Annex A 5.31

In this ISO 27001 Legal and Contractual Register tutorial I show you how to create and use a legal and contractual register yourself.

I created the ISO 27001 Legal Register as a fast track to recording applicable laws, regulations and contractual requirements. It does not constitute legal advice, although it does come pre-populated with common UK laws that I have come across over decades in consulting. It can be used globally and is a great foundation and starting point.

ISO 27001 Legal and Contractual Requirements Register Template

Stuart Barker ISO27001 Ninja High Table
What is an ISO 27001 legal and contractual register?

It is a document that lists the applicable laws and customer contractual requirements on your organisation.

Why use an ISO 27001 legal and contractual register?

It is used to show what laws and contractual requirements apply to your organisation and evidences that you are aware of them and have reviewed them. These will inform and influence your information security management system.

What does an ISO 27001 legal and contractual register include?

It includes a list of laws and customer requirements on information security that apply to your organisation with the date they were last reviewed and the date they will next be reviewed.

Where can I download a legal and contractual register?

The ISO 27001 legal and contractual register template can be downloaded at High Table: The ISO 27001 Company.

What ISO 27001 clause requires an ISO 27001 legal register?

ISO 27001 Annex A 5.31 Legal, statutory, regulatory and contractual requirements requires a legal register. It states: ‘Legal, statutory, regulatory and contractual requirements relevant to information security and the organization’s approach to meet these requirements should be identified, documented and kept up to date.’