To document ISO 27001 clause 4.2 Understanding the needs and expectations of interested parties, you need to list interested parties and their security requirements in the List of legal, regulatory, and contractual requirements. This involves defining who the interested parties are, identifying the sources of their requirements, finding the security requirements, determining which requirements will be addressed by the ISMS, and defining who is responsible for complying with each requirement.