02 - Procedure For Identification of Requirements
Change history
The purpose of this document is to define the process of identification of interested parties, as well as legal,
regulatory, contractual, and other requirements related to information security, and responsibilities for their
fulfillment.
This document is applied to the entire Information Security Management System (ISMS).
2. Reference documents
The CISO is responsible for identifying (1) all persons or organizations that can affect or can be affected by
information security management (interested parties), and (2) all related legal, regulatory, contractual, and
other requirements.
The CISO will define who will be responsible for compliance with each individual requirement, and which
interested parties are to be notified when changes occur.
The CISO must list all requirements, interested parties, and responsible persons in the Register of legal,
contractual and other requirements in the Conformio Platform.
Every employee in Millenium must notify the Head of the compliance department if he/she comes across any new
legal, regulatory, contractual, or other requirement that might be relevant to information security
management.
The Legal advisor is responsible for reviewing the Register of legal, contractual and other requirements at
least quarterly, and for updating it as necessary. The Legal advisor will notify all personnel responsible for
compliance upon each update without undue delay.
The Legal advisor is responsible for evaluating the compliance of the ISMS with relevant legal, regulatory and
contractual requirements at least annually.
| Record name | Storage location | Person responsible for storage | Controls for record protection | Retention time |
|---|---|---|---|---|
| Register of legal, contractual and other requirements | Conformio platform | CISO | Only CISO is authorized to edit data. | Obsolete records from the Register are archived for 3 years. |
The owner of this document is the CISO, who must check and, if necessary, update the document at least
every 6 months.