User
How to document clause 4.2 Understanding the needs and expectations of interested parties?
Experta
To document ISO 27001 clause 4.2, you need to list interested parties and their security requirements in the List of legal, regulatory, and contractual requirements. This involves defining who the interested parties are, identifying the sources of their requirements, determining the security requirements, and deciding which of these will be addressed by the Information Security Management System (ISMS).