Interested Parties
I am currently writing the document for interested parties (ISO 27001:2013). Is it mandatory to write the names of the clients, or can we just categorize them as "clients" or "food clients"?
Assign topic to the user
First is important to note that ISO 27001 does not prescribe how to document interested parties, so documenting them by name or by category are acceptable approaches.
But please note that, to fulfill clause 7.4 - Communication, you need to determine with whom to communicate, and depending on the information to be communicated, maybe it will be necessary to identify clients individually in certain circumstances.
This article will provide you a further explanation about interested parties:
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
These materials will also help you regarding interested parties:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Jul 14, 2020