Internal and external issues, requirements of interested parties
Assign topic to the user
ISO 27001 PROCEDURE FOR IDENTIFICATION OF REQUIREMENTS
Basics of identification of interested parties and their requirements.
Get it now 
ISO 27001 PROCEDURE FOR IDENTIFICATION OF REQUIREMENTS
Basics of identification of interested parties and their requirements.
Get it now
ISO 27001 PROCEDURE FOR IDENTIFICATION OF REQUIREMENTS
Basics of identification of interested parties and their requirements.
Get it now
Answer:
ISO 27001 does not require you to document internal and external issues, you only have to take them into account (doing this through the process of risk assessment is fine) - very often the auditors do not understand this so in your case I would challenge this auditor. This article can also help you: Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
Regarding requirements of interested parties, you should develop a list of all their requirements (which is also required by control A.18.1.1) - this ar ticle will help you: How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
Comment as guest or Sign in
Jan 13, 2016