Interested parties, external and internal
As part of ISO 27001, I know we are required to gather the context of interested parties and identify external and internal context. To satisfy auditors, does this have to be in a document format like a policy?
ISO 27001 main clauses do not require organizational context and interested parties to be documented, only that they are taken into account when defining the ISMS framework.
However, in case you find control A.18.1.1 (Identification of applicable legislation and contractual requirements) applicable to your ISMS, you need to document requirements, and for practical purposes, it is best to document requirements together with their respective interested parties.
To see what a list of ISMS requirements compliant with ISO 27001 looks like, see the free demo of this List of Legal, Regulatory, Contractual and Other Requirements template: https://advisera.com/27001academy/documentation/list-of-legal-regulatory-contractual-and-other-requirements/
This article will provide you with a further explanation about ISO 27001 mandatory documents:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
These articles will provide you with a further explanation about organizational context and interested parties:
- How to define context of the organization according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
These materials will also help you regarding organizational context and interested parties:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Mar 24, 2021