Stakeholder analysis

The following parties have relevance to our information security management system. We have documented their requirements towards information security, as well as any requirements we might have from them.

Party	What they expect from us	What we expect from them	Communication
Shareholders	No negative press, e.g. as a result of data breaches.	Clear and concise requirements with regards to information security	Once per year, the CISO will distribute (a summary of) this year's Management reviews.
Personnel	Protection of personal data	Knowledge and obedience of all relevant Policies and Procedures.	Mile stones and success stories about our ISMS will be communicated through our company news letter.
Suppliers	Clear and concise requirements with regards to information security	Knowledge and obedience of relevant Policies and Procedures Sign a DPA	-
Clients	Protection of confidential and sensitive data ISO 27001 certification	Respect our Information classification policy when it comes to the exchange of sensitive data Sign a DPA	Our certification status is communicated through our web sites, and the topic will be addressed by account managers.
End users	Protection of personal data	-	End users are informed about our certification status via our web site. There they can also find our Privacy policy.
Government, supervising authorities	To uphold the law and regulations as detailed in Legal and contractual requirements	Timely communication on changes in relevant laws A process for reporting data breaches	-