Stakeholders are individuals or groups that have an interest in the organization’s performance. According to the ISO 22301 Auditing eBook, "Stakeholders are persons or organizations that can affect, be affected by, or perceive themselves to be affected by a decision or activity of the organization. Stakeholders can be internal or external to the organization. Examples of internal stakeholders are employees, managers, owners, and board members. Examples of external stakeholders are customers, suppliers, regulators, investors, competitors, media, and the public."1 Stakeholders have different needs and expectations regarding the organization’s business continuity management system (BCMS) and its ability to respond to and recover from disruptive incidents. Therefore, the organization needs to identify its relevant stakeholders and understand their requirements and expectations, as well as communicate with them effectively and appropriately. This is one of the requirements of ISO 22301, the international standard for business continuity management systems. ISO 22301 requires the organization to determine the interested parties that are relevant to its BCMS and the requirements of these interested parties2. Interested parties are a subset of stakeholders that have a direct or indirect influence on the BCMS or a stake in its outcome3. The organization also needs to monitor and review the information about these interested parties and their requirements, as they may change over time2. References:

ISO 22301 Auditing eBook, Chapter 2: Business Continuity Concepts and Principles, Section 2.1: Stakeholders1

ISO 22301:2019 - Security and resilience — Business continuity management systems — Requirements, Clause 4.2: Understanding the needs and expectations of interested parties2

Interested parties in ISO 27001 and ISO 22301 | Who are they?3