The Ultimate Guide to the ISO 27001 Legal Register

In this article we lay bare the ISO 27001 Legal Register. Exposing the insider trade secrets, giving you the templates that will save you hours of your life and showing you exactly what you need to do to satisfy it for ISO 27001 certification. We show you exactly what changed in the ISO 27001:2022 update. I am Stuart Barker the ISO 27001 Ninja and this is the ISO 27001 Legal Register.

What is an ISO 27001 Legal Register?

The ISO 27001 legal and contractual register is used to identify which laws apply to your organisation, what contractual requirements customers have placed on you, what regulatory requirements there maybe and what standards you are working towards. It is used to evidence that they have been reviewed, agreed and signed off and to show when they will next be reviewed. All of these will inform and influence your information security management system.

ISO 27001 requirements for the legal register

ISO 27001 Annex A 5.31 Legal, statutory, regulatory and contractual requirements requires a legal register. It states

‘Legal, statutory, regulatory and contractual requirements relevant to information security and the organization’s approach to meet these requirements should be identified, documented and kept up to date.’

ISO 27001 Annex A 5.31

ISO 27001 Legal and Contractual Register Walkthrough

In this ISO 27001 Legal and Contractual Register tutorial I show you how to create and use a legal and contractual register yourself.

ISO 27001 Legal Register Template

I created the ISO 27001 Legal Register as a fast track to recording applicable laws, regulations and contractual requirements. It does not constitute legal advice although it does come pre-populated with common UK laws that I have come across over decades in consulting. It can be used globally and is a great foundation and starting point.

Legal and Contractual Register FAQ