External Requirements Policy

Version: 1.00Issue Date: 12/31/2014

This External Requirements Policy defines how external requirements such as legal requirements will be managed.

1.0 Overview

This External Requirements Policy will help ensure external requirements are properly documented and met. It will ensure that requirements are kept updated and met as laws or other conditions change

2.0 Purpose

This External Requirements Policy requires processes and staff to take action that ensures external requirements are properly documented and met.

3.0 Scope

This External Requirements Policy applies to all who work on projects, managers, those who deal with contracts, and business partners. Awareness of this policy applies to all employees. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Documentation

  • Procedures must be created and maintained which will identify external regulatory, legal or contractual requirements.
  • Procedures must be created and maintained which will help staff members understand external regulatory, legal or contractual requirements.
  • Procedures must be created and utilized to be sure that noncompliance areas are identified and corrected in a timely manner.
  • Compliance requirements of external regulatory, legal or contractual requirements must be formally documented.
  • Legal and regulatory requirements must be included in organizational standards, policies, and processes.

5.0 Requirements

  • A compliance section responsible for dealing with external compliance issues including regulations, international and local legal requirements, or contract requirements must be created and given appropriate responsibility and authority. Legal requirements include privacy, intellectual property, work place safety, data flow across governmental borders, licensing, insurance contract requirements, customs legislation, and ergonomic compliance.
  • The compliance section must monitor regulatory changes including work place safety, ergonomic compliance, privacy, insurance contract requirements, customs legislation, and intellectual property. A staff member must be assigned the responsibility to monitor this.
  • The compliance section must provide a liaison function with regulators.
  • The compliance section must carry out required procedures related to external compliance issues.
  • The compliance section must require and ensure that all staff including contractors are trained and informed about their regulatory, legal, and contractual responsibilities including work place safety and ergonomic compliance issues.
  • Management must determine external relationship impact on the organization including changes to strategies or information needs to be sure regulatory, legal, or contractual requirements are met.
  • Management must periodically meet at least annually with the compliance section along with external and internal auditors to be sure the organization is in compliance with regulations and laws.
  • A process for reviewing compliance requirements must be created and utilized. The following must be done when compliance requirements are reviewed:
    • Compliance requirements and changes must be documented and appropriate parties must be informed in a timely manner.
    • External experts should review external compliance requirements also.
    • Determine whether the organization is meeting compliance requirements and what must be done to improve.
    • Stored and transferred data must be listed and reviewed to determine whether there are more requirements that must be met related either to the type of data or sensitivity of data.
    • Type of encryption and encryption requirements must be considered when sending data across borders and laws in both governments must be considered.
  • A process for itemizing compliance issues and tracking resolution of each issue must be created and utilized.
    • Tools to track the issue and its resolution such as issue tracking software should be utilized.
    • The process must require resolution in a timely manner.
    • Legal requirements addressing work place safety, privacy, intellectual property, licensing, data flow across government borders, customs legislation, and ergonomic standards must be included in issues required for external compliance. Insurance contract requirements must be included.
    • Management should determine the cost or potential cost of noncompliance to help assure the requirements are resolved in a timely manner.
    • Laws of foreign countries where trading is done or business partners exist must be reviewed during this process.
  • Organizational management must be sure that contracts are formally in force with trading partners so data transmission and storage requirements are met by all involved parties including encryption requirements.
  • Encryption techniques and digital certificates should be used to be sure identity of third parties is confirmed along with providing nonrepudation and confidentiality for transactions that require them. This is required for e-commerce transactions.
  • When e-commerce or other applicable projects are being developed, external requirements must be met. These requirements include privacy, intellectual property, work place safety, data flow across governmental borders, licensing, insurance contract requirements, customs legislation, and ergonomic compliance.

6.0 Enforcement

Since following the External Requirements Policy is important for the welfare of the organization, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

7.0 Other Policies

  • Insurance Purchase Policy

8.0 Additional Requirements

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________