User
How to document clause 4.2 Understanding the needs and expectations of interested parties?
Experta
To document ISO 27001 clause 4.2, it is considered best practice to create a List of legal, regulatory, contractual, and other requirements, and a Procedure for Identification of Requirements. While documentation is not mandatory, it helps in recording the information used to develop the ISMS scope.