BIZOPS-45 Interested Parties

Estimated reading: 2 minutes 538 views

What is BIZOPS-45 Interested Parties Control?

Interested parties’ control comes from a requirement in ISO 27001, clause 4.2. This control asks the organization to think about the internal and external issues raised by interested parties. Interested parties are anyone with an interest in the organization ISMS. This can be an employee, an investor, a supplier, a customer, a competitor, etc.

Each one of these parties has a specific need and/or issue that would impact an organization’s information management and security systems. As such, this control demands that the organization take the time to identify who those stakeholders are, document their needs, and plan for addressing these needs.

Available tools in the marketplace

N/A – No tools required

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • TrustCloud created template

Control implementation

To implement this control,

  1. The organization must define all the stakeholders with an interest in the organization’s information management system.
  2. For each stakeholder, document what is required to keep them satisfied. For example, an investor stakeholder will be very interested in knowing about the organization’s ability to meet goals and objectives. A customer will be interested in the performance and availability of the product/service, etc. It is possible that the list is long, a strategy is to prioritize and focus on those stakeholders who hold high powers. For example, legislators, investors hold high powers.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for documentation that is documented within a ticketing system, along with:

  1. Most up to date list of Interested parties

Evidence example

For the suggested action, an example is provided below:

  1. Most up to date list of Interested parties
    The following screenshot shows the list of interested parties and stakeholders with expectations.
    BIZOPS 45 Interested Parties

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
OR