To document ISO 27001 clause 4.2, "Understanding the needs and expectations of interested parties," you need to create a List of legal, regulatory, and contractual requirements. This document should include:

1. A list of interested parties relevant to your organization.
2. The security requirements of these interested parties.
3. The sources of these requirements, such as laws, regulations, contracts, etc.
4. The specific security requirements that will be addressed by the Information Security Management System (ISMS).
5. The person responsible for complying with each requirement.

This documentation helps ensure that all relevant interested parties and their security requirements are considered and implemented within the ISMS.