Needs and Expectations of Interested parties
Are needs and expectations the same or different for one interested party? If different, are the needs and expectations both the requirements for the interested party, for example a client? Or, in the case of the client, are the needs what the organization wants from the client, and what expectations does the client have from the organization?
Although the ISO 27001:2013 standard does not define the terms ‘needs’ and ‘expectations’ when it talks about the needs and expectations of interested parties, it is helpful to think of them in this way. Needs are those things that interested parties have clearly stated or written down, such as a law that you need to meet (e.g., GDPR), or an information security requirement in a contract. Expectations are the unwritten things that the interested parties reasonably assume you will do, such as accurate tracking of information to meet those laws or timely addressing information security incidents when they occur.
You can learn more about the requirement in this article:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
Jul 09, 2020