Expert Advice Community

Guest

Question from ISO 27001 Foundations Course

  Quote
Guest
Guest user Created:   Sep 22, 2022 Last commented:   Sep 22, 2022

Question from ISO 27001 Foundations Course

When talking about interested parties in clause 4.2. The video starts with saying it is Required to Document interested parties and their Information Security requirements. By the end of the video he says Clause 4.2 requires this analysis to be conducted but not documented. Can this be corrected or documented below the video? Many of the questions on the test cover what is required and not required to be documented, so this just adds to the confusion.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 22, 2022

Please note that at the beginning of the video (at the 10th second) it is said that requirements and interested parties need to be “determined”, which is different from being documented. You only need to identify them.

Only in the case that control A.18.1.1 - Identification of applicable legislation and contractual requirements is deemed applicable for an ISMS, such requirements and interested parties need to be documented.  

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 22, 2022

Sep 22, 2022

Suggested Topics