4.2 – Understanding the needs and expectations of interested parties


1- What is an Interested Party?

At its simplest, an Interested Party is a stakeholder – a person, group or entity with an interest in your ISMS (or perhaps the organisation itself). These will include staff, suppliers, customers, shareholders, directors, prospects, board members, competitors, legislators and regulators, unions, etc.

Rather than creating a range of one-size-fits-all policies and controls for all your interested parties, it is better to look at those interested parties in terms of their power, interest and support – in simple terms, this is about their ability to affect your approach to the ISMS. Then you can develop suitable approaches to demonstrate you have their needs covered (and, of course, yours too, where the party is a possible saboteur!).

2- Who are the Interested Parties to keep satisfied?

High-power, low-interest stakeholders.

3- Considering other interested parties' needs for a successful ISO 27001 ISMS

If an interested party has both high interest and high power, we would call them a key player. These stakeholders should be actively involved. Your senior management team, key department heads, boutique critical suppliers, etc. will likely fall into this category. You might also have some of your intimately engaged important customers in this category. They may be very interested in how you are working day to day, as it impacts them too.


