ISO 27001:2022 Clause 4.2 — Stakeholder needs & expectations

| Name | Category | Type | CIA Impact | Key Requirements | Owner | Review Frequency | Status |
|---|---|---|---|---|---|---|---|
| Enterprise Customers | Client | External | CIA | SOC 2, SLA uptime, data privacy | CCO | Annual | Active |
| Information Commissioner's Office | Regulator | External | CI | GDPR compliance, breach notification | DPO | Annual | Active |
| AWS (Cloud Provider) | Supplier | External | CIA | Shared responsibility model, SCC DPA | CTO | Annual | Active |
| Employees | Workforce | Internal | CA | Safe working environment, data privacy | HR Director | Annual | Active |
| Shareholders / Board | Governance | Internal | CI | Financial data integrity, risk posture | CEO | Quarterly | Active |
| Cyber Insurance Provider | Insurer | External | CIA | Security posture, incident disclosure | CFO | Annual | Active |
| Auditors (External) | Auditor | External | CI | Audit evidence, documentation access | CISO | Annual | Active |
| NCSC (UK) | Regulator | External | CIA | Cyber Essentials, NIS 2 reporting | CISO | Annual | Active |
| Sub-processors (3rd party SaaS) | Supplier | External | CI | DPA in place, security questionnaire | DPO | Annual | Active |
| Prospective Customers | Client | External | C | Security questionnaires, certifications | CCO | Ad hoc | Active |
| Engineering Team | Workforce | Internal | IA | Secure SDLC, patching SLAs | CTO | Bi-annual | Active |
| Pen Testing Partner | Supplier | External | CI | NDA, scoped rules of engagement | CISO | Annual | Active |