Stakeholder info to document
Assign topic to the user
Or would it be enough to just document a list of legal, regulatory, contractual and other requirements?
Yes, the information you are gathering will provide you a good overview for the understanding of needs and expectations of interested parties and it is covering the clause's requirements:
- which interested parties are relevant to the ISMS
- which requirements of these interested parties relevant to information security
For stakeholders analysis you should also consider if there is any implemented control to meet these requirements
These articles will provide you further explanation about interested parties analysis:
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
This material will also help you regarding interested parties ana lysis:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Oct 25, 2017