Expert Advice Community


Documenting context of the organization and interested parties

Guest user. Created: Jun 26, 2018. Last commented: Jun 26, 2018


Where would I record Context of the organisation and Interested parties? Should I put that in the Information Security Policy - we have a separate document that lists legal and contractual requirements.

Expert
Dejan Kosutic Jun 26, 2018

Answer: ISO 27001 does not require documenting the context of the organization, and this is especially not recommended for smaller organizations - you only need to take the context of the organization into account when defining the scope and doing the risk assessment. You can read more here: Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/

You should document interested parties in List of legal, regulatory and contractual requirements, in folder 02 of the ISO 27001 Toolkit.

I would recommend that you keep this information separate from the Information Security Policy because otherwise you might need to update the Policy too often.

See also: What should you write in your Information Security Policy according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/30/what-should-you-write-in-your-information-security-policy-according-to-iso-27001/
