Expert Advice Community

Guest

Interested parties, external and internal

  Quote
Guest
Guest user Created:   Mar 24, 2021 Last commented:   Mar 24, 2021

Interested parties, external and internal

As part of Iso27001 I know we are required to gather context of interest parties identify external and internal context. To satisfy auditors does this have to be in a document format like a policy?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 24, 2021

 ISO 27001 main clauses do not require organizational context and interested parties to be documented, only that they are taken into account when defining the ISMS framework.

However, in case you find control A.18.1.1 (Identification of applicable legislation and contractual requirements) applicable to your ISMS, you need to document requirements, and for practical purposes, it is best to document requirements together with their respective interested parties.

To see how a list of ISMS requirements compliant with ISO 27001 looks like, see the free demo of this List of Legal, Regulatory, Contractual and Other Requirements template: https://advisera.com/27001academy/01academy/emy/ademy/my/documentation/list-of-legal-regulatory-contractual-and-other-requirements/

This article will provide you a further explanation about ISO 27001 mandatory documents:

These articles will provide you a further explanation about organizational context and interested parties:

These materials will also help you regarding organizational context and interested parties:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 24, 2021

Mar 24, 2021

Suggested Topics