Global Impact

In follow up on Stakeholders & Legal Requirements, you will need to be in control when expanding your business to other countries and research.

Additional requirements for ISMS can be ruled by your 1. customers or by 2 laws.     

1.  If conducting business with corporates – read the Master Service Agreement carefully before signing. Additional requirements will probably cover new security, privacy or quality standards, new insurance requirements.

Some tips before accepting new security, privacy or quality standards:

• always ask what you do not understand, corporates sometimes add their own internal standards – and you will need to be aware, so it does not surprise you after signing.
• if new standards are required, asks if you need to adopt or need to get certified. Certification costs money and you will need to negotiate that into your pricing. 
• aks how the corporate organizes quality assurance – be prepared for external audit by corporates. 

2.  Entering new markets will need some research on privacy and security requirements. Personal data privacy regulations need to be taken into consideration when contracting or expanding outside of the GDPR geo area.

In the Procedure/Info of the Global Impact section you can find 2 links that will help you to prepare your research: DLA Piper website with overview of all Data Protections Laws of the World. You can compare your country with any other country in the world on all Data Protection topics. And Global Partner Digital (GPD) with a World Map of Encryption Laws and Policies. 

Both can be used to do your research and get you prepared when talking with customers. 

Add per country or per customers additional requirements and add what kind of activities (review policies, add security or privacy controls) you have taken to comply.