Documentation of customer groups whose information is processed by the organization

Critical
High
Normal
Low

Organisation must define

  • stakeholders relevant to the information security management system
  • information security requirements set by these stakeholders

Customer groups or individual significant customers that are important to the organization's operations are usually one of the most important stakeholders, also from the point of view of information security. Other stakeholders are treated through other tasks.

Connected other frameworks and requirements:
CLD 6.3: Relationship between cloud service customer and cloud service provider
ISO 27017
CLD 6.3.1: Shared roles and responsibilities within a cloud computing environment
ISO 27017
CLD 8.1.5: Removal of cloud service customer assets
ISO 27017
A.8.2.1: Customer agreement
ISO 27701
4.2: Interested parties
ISO 27001

Data processing partner listing and owner assignment

Critical
High
Normal
Low

The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.

Connected other frameworks and requirements:
26. Joint controllers
GDPR
28. Processor
GDPR
44. General principle for transfers
GDPR
8.1.1: Inventory of assets
ISO 27001
13.2.2: Agreements on information transfer
ISO 27001

Documentation of other stakeholders

Critical
High
Normal
Low

The organization shall identify

  • the stakeholders relevant to the security management system
  • the security requirements set by these stakeholders

Data system providers and personal data processors are treated through separate tasks.

Connected other frameworks and requirements:
4.2: Interested parties
ISO 27001
No items found.