Global Impact

As a follow-up to Stakeholders & Legal Requirements, you will need to stay in control when expanding your business to other countries, and that requires research.
Additional requirements for your ISMS can be imposed by 1. your customers or by 2. laws.
1. If conducting business with corporates, read the Master Service Agreement carefully before signing. Additional requirements will probably cover new security, privacy or quality standards, and new insurance requirements.
Some tips before accepting new security, privacy or quality standards:
- always ask about what you do not understand; corporates sometimes add their own internal standards, and you need to be aware of them so they do not surprise you after signing.
- if new standards are required, ask whether you need to adopt them or need to get certified. Certification costs money, and you will need to negotiate that into your pricing.
- ask how the corporate organizes quality assurance; be prepared for an external audit by the corporate.
2. Entering new markets requires research into privacy and security requirements. Personal data privacy regulations need to be taken into consideration when contracting or expanding outside of the GDPR geographical area.
In the Procedure/Info of the Global Impact section you can find 2 links that will help you prepare your research: the DLA Piper website with an overview of all Data Protection Laws of the World, where you can compare your country with any other country in the world on all data protection topics, and Global Partners Digital (GPD) with a World Map of Encryption Laws and Policies.
Both can be used to do your research and get you prepared when talking with customers.
Add additional requirements per country or per customer, and record which activities (review policies, add security or privacy controls) you have taken to comply.
| Field | Value / Description | Example |
| --- | --- | --- |
| Country | free text field | Romania |
| Additional Compliance Requirements | free text field | In addition to the requirements provided by the GDPR in Articles 37 to 39, Law no. 190/2018 provides that a data protection officer (DPO) must be designated whenever the entity acting as controller is processing a national identification number, including by collecting or disclosing any documents enclosing such national identification number, when the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, in accordance with the provisions of Article 6 paragraph 1 letter (f) of the GDPR. |
| Operational Impact | free text field | we will need our own DPA |