Expert Advice Community

Documenting context of the organization and interested parties

Guest user Created: Jun 26, 2018 Last commented: Jun 26, 2018

Where would I record Context of the organisation and Interested parties? Should I put that in the Information Security Policy? We have a separate document that lists legal and contractual requirements.
ISO 27001 PROCEDURE FOR IDENTIFICATION OF REQUIREMENTS

Basics of identification of interested parties and their requirements.

Expert
Dejan Kosutic Jun 26, 2018

Answer: ISO 27001 does not require documenting the context of the organization, and this is especially not recommended for smaller organizations - you only need to take the context of the organization into account when defining the scope and doing the risk assessment. You can read more here: Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/

You should document interested parties in the List of Legal, Regulatory and Contractual Requirements, in folder 02 of the ISO 27001 Toolkit.

I would recommend that you keep this information separate from the Information Security Policy because otherwise you might need to update the Policy too often.

See also: What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
