ISO 27001 Clause 4.2 & 4.4 Implementation Guideline

Clause 4.2 Understanding the needs and expectations of interested parties

Required activity
The organization determines the interested parties relevant to the ISMS and their requirements relevant to information security.

Explanation
"Interested party" is a defined term: it refers to persons or organizations that can affect, be affected by, or perceive themselves to be affected by a decision or activity of the organization. Interested parties are found both outside and inside the organization and may have specific needs, expectations and requirements for the organization's information security.

External interested parties can include:
a) Regulators and legislators;
b) Shareholders, including owners and investors;
c) Suppliers, including subcontractors, consultants and outsourcing partners;
d) Industry associations;
e) Competitors;
f) Customers and consumers;
g) Activist groups.

Internal interested parties can include:
a) Decision makers, including ...