Stakeholders are individuals or groups that have an interest in the organization’s performance.
According to the ISO 22301 Auditing eBook, "Stakeholders are persons or organizations that can
affect, be affected by, or perceive themselves to be affected by a decision or activity of the
organization. Stakeholders can be internal or external to the organization. Examples of internal
stakeholders are employees, managers, owners, and board members. Examples of external
stakeholders are customers, suppliers, regulators, investors, competitors, media, and the
public." [1] Stakeholders have different needs and expectations regarding the organization’s business
continuity management system (BCMS) and its ability to respond to and recover from disruptive
incidents. Therefore, the organization needs to identify its relevant stakeholders and understand
their requirements and expectations, as well as communicate with them effectively and
appropriately. This is one of the requirements of ISO 22301, the international standard for business
continuity management systems. ISO 22301 requires the organization to determine the interested
parties that are relevant to its BCMS and the requirements of these interested parties [2]. Interested
parties are a subset of stakeholders that have a direct or indirect influence on the BCMS or a stake in
its outcome [3]. The organization also needs to monitor and review the information about these
interested parties and their requirements, as they may change over time [2].

References:
[1] ISO 22301 Auditing eBook, Chapter 2: Business Continuity Concepts and Principles, Section 2.1:
Stakeholders
[2] ISO 22301:2019 - Security and resilience — Business continuity management systems —
Requirements, Clause 4.2: Understanding the needs and expectations of interested parties
[3] Interested parties in ISO 27001 and ISO 22301 | Who are they?