Clause 4.2 has a note that says: "The requirements of interested parties may include legal and regulatory requirements and contractual obligations."
Can you explain more about this note and, if possible, give some examples? Does it mean the interested parties should have an agreement to fulfil their expectations?
Answer:
The note means that, in the requirements of interested parties, you need to include the identification of legal and regulatory requirements and also the contractual obligations, but you do not need to have an agreement with all interested parties (families of employees can be an interested party for ISO 27001). Anyway, you can find an example in our template (you can see a free version by clicking on the Free Demo tab), Procedure for Identification of Requirements: https://advisera.com/27001academy/documentation/procedure-for-identification-of-requirements/
It is also important to identify laws and regulations about information security; you will find a complete list classified by country here, Laws and regulations on information security and business continuity: https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/
Finally, this article can be interesting for you, How to identify interested parties according to ISO 27001 and ISO 22301: https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
Jan 12, 2016