Question from ISO 27001 Foundations Course
When talking about interested parties in clause 4.2. The video starts with saying it is Required to Document interested parties and their Information Security requirements. By the end of the video he says Clause 4.2 requires this analysis to be conducted but not documented. Can this be corrected or documented below the video? Many of the questions on the test cover what is required and not required to be documented, so this just adds to the confusion.
Assign topic to the user
Please note that at the beginning of the video (at the 10th second) it is said that requirements and interested parties need to be “determined”, which is different from being documented. You only need to identify them.
Only in the case that control A.18.1.1 - Identification of applicable legislation and contractual requirements is deemed applicable for an ISMS, such requirements and interested parties need to be documented.
Comment as guest or Sign in
Sep 22, 2022