Interested Parties and Their Requirements
Assign topic to the user
1. Can I just group them instead of address them one by one specifically? By group, I mean it's like: supplier, customer, internal working unit, goverment agencies, etc..
2. About their requirements, do I have to quote it precisely (from contractual agreement, for instance) or can I use my own words?
Answers:
1) ISO 27001 does not say you need to identify each interested party individually, so yes - you can group them, as long as each interested party in a group has the same requirements.
2) Sure, you can use your own words.
Comment as guest or Sign in
Jan 12, 2016