Expert Advice Community

Guest

ISO 27001 stakeholders

  Quote
Guest
Guest user Created:   May 14, 2020 Last commented:   May 14, 2020

ISO 27001 stakeholders

Who are iso 27001 stakeholders? How do we identify them? Are top managers included in the ISMS scope?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 14, 2020

1 - Who are iso 27001 stakeholders?

Answer: For ISO 27001, stakeholders are known as interested parties and are people or entities that can affect, or be affected, by the Information Security Management System. Most common stakeholders are:
- top management
- employees
- customers
- suppliers
- regulators
- government

2 - How do we identify them?

Answer: The ISO 27001 interested parties are identified based on the analysis of organizational context (internal and external issues that can affect, or be affected, by the ISMS), and in the legal requirements (e.g, laws, regulations and contracts) the organization has to comply with.

For further information, see:
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//

3 - Are top managers included in the ISMS scope?

Answer: The ISMS scope is normally defined in terms of information, locations, business units or process to be protected, not people or roles.

In most cases, the managers that have the highest position in the ISMS are included in the scope - e.g. if only one department is included in the scope then this is the head of the department; if the whole company is included in the scope then this is the CEO of the company.

 What happens is that top managers take an essential role in the ISMS implementation, by setting directives and objectives and providing resources.

These articles will provide you a further explanation about the scope definition and top management responsibilities:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/

These materials will also help you regarding ISO 27001:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
- ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 13, 2020

May 13, 2020

Suggested Topics

Guest user Created:   Jun 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

Implementation questions

Guest user Created:   Sep 07, 2020 ISO 27001 & 22301
Replies: 1
0 0

Implementation of ISMS

isocert Created:   Oct 18, 2017 ISO 27001 & 22301
Replies: 2
0 0

Stakeholder info to document