DraftInternalISO 9001ISO 14001ISO 27001

SW-IMS-PRO-011

Context and Interested Parties Procedure

Version

1.0

Owner

IMS Owner

Effective Date

TBD

Review Date

TBD

Context and Interested Parties Procedure

Document ID: SW-IMS-PRO-011-v1.0
Effective Date: [TBD]
Review Date: [TBD]
Owner: IMS Owner
Approved by: [TBD]

1. Purpose

This procedure establishes a systematic approach to understanding Swedwise's organizational context and determining the needs and expectations of interested parties relevant to the Integrated Management System (IMS). It ensures:

Internal and external issues affecting the IMS are identified and monitored
Interested parties (stakeholders) are systematically identified
Requirements and expectations of interested parties are understood
The scope of the IMS is appropriate to Swedwise's context
Strategic planning considers context and interested party needs
Compliance with ISO 9001 clauses 4.1 and 4.2, ISO 14001 clauses 4.1 and 4.2, and ISO 27001 clauses 4.1 and 4.2

2. Scope

This procedure applies to:

Internal context: Swedwise's organizational structure, culture, strategy, capabilities, resources, values
External context: Market conditions, regulations, technology, competitors, stakeholders, environment
Interested parties: Customers, employees, suppliers, partners, regulators, investors, community, environment
Requirements determination: Understanding what interested parties need and expect from Swedwise
Context monitoring: Ongoing tracking of changes in context and requirements

This procedure applies to all Swedwise locations and involves Management Team, IMS Owner, and relevant department heads.

3. Definitions

Term	Definition
Context	The combination of internal and external factors and conditions that can affect Swedwise's approach to achieving objectives and fulfilling requirements.
Internal Context	Factors within the organization (structure, culture, resources, capabilities, values, governance).
External Context	Factors outside the organization (market, regulation, competition, technology, economy, society, environment).
Interested Party (Stakeholder)	Person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity of Swedwise.
Requirement	Need or expectation that is stated, generally implied, or obligatory (legal, regulatory, contractual).
Expectation	Anticipated or assumed need of an interested party (may be implicit).
PESTLE	Analysis framework: Political, Economic, Social, Technological, Legal, Environmental factors.
SWOT	Analysis framework: Strengths, Weaknesses, Opportunities, Threats.
Stakeholder Mapping	Process to identify, categorize, and prioritize interested parties.
Power-Interest Matrix	Tool to prioritize stakeholders based on their power and interest in the organization.

4. Understanding Organizational Context

4.1 Internal Context Analysis

Objective: Understand internal factors that influence IMS design and effectiveness

Internal Factors to Analyze:

Factor Category	Elements to Consider
Strategy	Vision, mission, strategic objectives, business model, value proposition
Structure	Organizational structure, reporting lines, office locations, team composition
Culture	Values ("Make Time For The Good"), learning organization philosophy, autonomy focus
Governance	Decision-making processes, authorities, Management Team structure
Resources	Staff size (~35 employees), competencies, financial resources, technology infrastructure
Processes	Core processes (consulting, SaaS, sales, delivery), process maturity
Performance	Current performance levels, strengths, weaknesses
Knowledge	Intellectual property, expertise, key knowledge holders
Risk Appetite	Tolerance for risk, risk management approach
Change Readiness	Capacity for change, ongoing initiatives, change fatigue

Analysis Methods:

SWOT Analysis (Strengths, Weaknesses, Opportunities, Threats)

Quadrant	Focus	Questions
Strengths (Internal Positive)	What do we do well?	- What unique capabilities do we have? - What advantages do we have over competitors? - What resources are strong?
Weaknesses (Internal Negative)	What needs improvement?	- Where do we lack capabilities? - What do competitors do better? - What resources are limited?
Opportunities (External Positive)	What can we leverage?	- What market trends favor us? - What new capabilities could we develop? - What partnerships could we form?
Threats (External Negative)	What should we mitigate?	- What market trends threaten us? - What do competitors do that threatens us? - What regulations could harm us?

Example SWOT for Swedwise (illustrative):

Strengths:

Strong expertise in OpenText, Salesforce, business-critical solutions
Learning organization culture fostering innovation
Established presence in Nordic market
Long-term customer relationships
Agile, autonomous teams

Weaknesses:

Small size limits resource capacity
Externally-focused workforce (weak internal routines)
Same resources handle client work and internal support (resource conflicts)
Weak documentation and knowledge management (historically)

Opportunities:

Growing demand for SaaS solutions in public sector
Procurement requirements favoring ISO-certified suppliers
Digital transformation trend in Nordic region
Remote work enabling access to broader talent pool
AI and automation enhancing service delivery

Threats:

Larger consulting firms competing for same customers
Customer concentration risk (reliance on key accounts)
Supplier dependency (OpenText, Salesforce, cloud providers)
Talent shortage and recruitment challenges
Economic downturn reducing IT spending

Internal Capability Assessment

Assess organizational capabilities:

Capability Area	Current State	Required State	Gap
Quality management	Informal	ISO 9001 certified	High
Environmental management	Minimal	ISO 14001 certified	High
Information security	Ad-hoc	ISO 27001 certified	High
SaaS operations	New initiative	Mature, 99.9% SLA	High
Process documentation	Weak	Comprehensive, maintained	Medium
Training and competence	Informal	Structured, tracked	Medium

4.2 External Context Analysis

Objective: Understand external factors that influence IMS design and effectiveness

External Factors to Analyze:

PESTLE Analysis

Factor	Elements	Impact on Swedwise
Political	- Government policies - Political stability - Public procurement rules - Trade regulations	- Procurement requirements driving ISO certification - Public sector as key market - Nordic regional focus
Economic	- Economic growth/recession - Exchange rates - Interest rates - Inflation - IT spending trends	- Economic downturn could reduce consulting demand - Strong Nordic economy supports growth - SaaS model provides recurring revenue stability
Social	- Demographics - Work-life balance trends - Remote work adoption - Sustainability awareness - Digital literacy	- Remote work enables broader talent pool - Sustainability increasingly important to customers and employees - "Make Time For The Good" resonates with work-life balance values
Technological	- Cloud computing - AI and automation - Cybersecurity threats - SaaS platforms - Integration tools	- Cloud enables SaaS offering - AI opportunity for enhanced services - Cybersecurity critical for trust - Continuous technology evolution requires learning
Legal	- GDPR and data protection - Labor laws - Contract law - Intellectual property - Environmental regulations	- GDPR compliance mandatory - Employment law compliance (Swedish and EU) - Contractual obligations to customers - Limited environmental legal requirements (office-based)
Environmental	- Climate change - Carbon reduction targets - Resource scarcity - Stakeholder expectations	- Carbon footprint reduction expectations - Customer preferences for sustainable suppliers - Employee values around sustainability

Competitive Landscape

Factor	Analysis
Competitors	- Large consulting firms (Accenture, Deloitte, Capgemini) - Boutique Nordic consultancies - In-house IT teams - Offshore providers
Competitive Advantages	- Nordic expertise and local presence - Specialized knowledge (OpenText, Salesforce) - Customer-centric approach - Learning organization agility
Competitive Threats	- Larger firms' resources and brand - Price competition from offshore - Customer insourcing of capabilities
Differentiation	- ISO certifications demonstrating quality, security, environmental commitment - SaaS offering for high-volume communication needs - "Make Time For The Good" positioning

Market Trends

Shift from on-premises to cloud and SaaS
Increased focus on cybersecurity and data protection
Sustainability as procurement criterion
Digital transformation acceleration
Demand for integration and automation expertise
Public sector digitalization initiatives

Regulatory Environment

Regulation	Applicability	Impact
GDPR	High - Personal data processing	- Data protection controls mandatory - Privacy by design - Customer data handling procedures
ISO Standards	High - Certification requirements	- IMS implementation required - Ongoing compliance and audit
Public Procurement Rules	High - Public sector customers	- Tender requirements - Sustainability criteria - Quality and security documentation
Environmental Regulations	Low - Office operations	- Minimal direct regulation - Voluntary sustainability commitments
Labor Laws	Medium - Employment practices	- Swedish employment law compliance - Work environment regulations

4.3 Context Analysis Process

Frequency:

Comprehensive analysis: Annually (typically Q4, before strategic planning)
Monitoring and updates: Quarterly (as part of management review)
Triggered analysis: When significant changes occur (merger, major market shift, regulatory change, strategic pivot)

Process Steps:

Step 1: Prepare

IMS Owner schedules context analysis workshop (half-day)
Invites participants: Management Team, department heads, key subject matter experts
Gathers inputs:
- Previous context analysis results
- Industry reports and trend analyses
- Customer feedback and market intelligence
- Regulatory updates
- Performance data

Step 2: Conduct Analysis

Workshop agenda:

Time	Activity	Method
0:00-0:15	Introduction, review previous analysis	Discussion
0:15-1:00	Internal context analysis	SWOT, capability assessment
1:00-1:45	External context analysis	PESTLE, competitive landscape
1:45-2:00	Break	-
2:00-2:45	Identify key issues and changes	Brainstorming, prioritization
2:45-3:30	Implications for IMS and strategy	Discussion, action planning
3:30-4:00	Document findings, assign actions	Documentation

Step 3: Document

IMS Owner documents analysis in Context Analysis Report (template in Appendix B):

Summary of internal context (SWOT)
Summary of external context (PESTLE)
Key changes since last analysis
Significant issues affecting IMS
Implications for IMS scope, processes, objectives
Recommendations for action

Step 4: Review and Approve

IMS Owner presents to Management Team
Management Team reviews, discusses, approves
Approval recorded

Step 5: Take Action

Update IMS scope if needed
Update strategic objectives
Update risk assessment (SW-IMS-PRO-002) to reflect new context
Initiate improvement or change initiatives
Communicate relevant findings to organization

Step 6: Store

Context Analysis Report stored in IMS Repository
Summary included in Management Review

5. Identifying Interested Parties (Stakeholders)

5.1 Interested Party Categories

Interested parties are individuals or organizations that can affect or be affected by Swedwise's activities.

Categories:

Category	Examples
Customers	- Current customers (consulting, SaaS) - Prospective customers - Customer end-users
Employees	- Full-time staff - Consultants on client sites - Management team - New hires - Former employees
Suppliers and Partners	- OpenText (software vendor) - Salesforce (platform vendor) - Cloud infrastructure providers (AWS, Azure, Google) - Entiros (data center partner) - Subcontractors and freelancers
Regulators and Authorities	- Swedish Data Protection Authority (IMY) - Swedish Work Environment Authority - Tax authorities - Certification bodies (ISO auditors)
Investors and Owners	- Shareholders/owners - Board of Directors - Financial institutions
Community and Society	- Local communities (Karlstad, Stockholm, Uddevalla) - Professional associations - Industry groups - General public
Environment	- Natural environment (climate, ecosystems) - Future generations
Competitors	- Direct competitors (for talent, customers, partners)
Media	- Industry media - General business media - Social media

5.2 Stakeholder Identification Process

Step 1: Brainstorm

Workshop participants identify all potential interested parties:

Who is affected by our activities?
Who can influence our success?
Who has requirements or expectations of us?
Who do we depend on?
Who depends on us?

Step 2: Categorize

Group interested parties into categories (above).

Step 3: Prioritize

Use Power-Interest Matrix to prioritize stakeholders:

          HIGH INTEREST
               │
    ┌──────────┼──────────┐
    │  KEEP    │  MANAGE  │
    │ INFORMED │  CLOSELY │  ← High Interest
    │          │          │    High Power
    │ (Low Pwr)│ (Hi Pwr) │    = KEY PLAYERS
    ├──────────┼──────────┤
    │ MONITOR  │   KEEP   │
    │(Low Int) │ SATISFIED│
    │(Low Pwr) │ (Hi Pwr) │
    └──────────┼──────────┘
               │
          LOW INTEREST

          LOW POWER ←→ HIGH POWER

Quadrants:

Manage Closely (High Power, High Interest): Key stakeholders requiring active engagement
Keep Satisfied (High Power, Low Interest): Influential stakeholders to keep informed and satisfied
Keep Informed (Low Power, High Interest): Engaged stakeholders to communicate with regularly
Monitor (Low Power, Low Interest): Minimal effort, monitor for changes

Example Mapping:

Interested Party	Power	Interest	Quadrant	Engagement Approach
Current Customers	High	High	Manage Closely	QBRs, surveys, account management
Employees	Medium-High	High	Manage Closely	Town halls, feedback sessions, 1-on-1s
Owners/Investors	High	Medium	Keep Satisfied	Board meetings, financial reports
Regulators (IMY, auditors)	High	Medium	Keep Satisfied	Compliance reports, audit cooperation
Key Suppliers (OpenText, Cloud)	High	Medium	Keep Satisfied	Regular reviews, SLA monitoring
Community	Low	Low	Monitor	Corporate social responsibility

Step 4: Document

Record in Interested Parties Register (SW-IMS-REG-006):

Field	Description
Interested Party	Name/description
Category	Customer, employee, supplier, etc.
Power	Low / Medium / High
Interest	Low / Medium / High
Quadrant	Manage Closely / Keep Satisfied / Keep Informed / Monitor
Relevant to	QMS / EMS / ISMS / All
Contact/Representative	Key contact person or representative
Engagement Approach	How we engage with them

5.3 Interested Party Requirements and Expectations

Objective: Understand what each interested party needs and expects from Swedwise

Step 1: Identify Requirements

For each interested party (especially those in "Manage Closely" and "Keep Satisfied"):

Interested Party	Requirements and Expectations	Type
Customers	- Quality service delivery - On-time, on-budget projects - Expertise and responsiveness - Data security and privacy - Compliance with regulations - Sustainability commitment	Contractual, expected
Employees	- Fair compensation - Career development - Work-life balance - Safe and healthy work environment - Meaningful work - Autonomy and trust	Legal, expected
Regulators	- GDPR compliance - ISO standard compliance - Tax and legal compliance - Work environment safety	Legal, mandatory
Owners	- Profitable growth - Business sustainability - Risk management - Compliance	Contractual
Suppliers	- Timely payment - Fair contracts - Clear communication - Partnership approach	Contractual
Environment	- Minimize carbon footprint - Responsible resource use - Waste reduction	Ethical, expected
Community	- Employment opportunities - Local economic contribution - Responsible corporate citizen	Expected

Step 2: Categorize Requirements

Type	Description	Examples
Legal/Regulatory	Mandatory by law or regulation	GDPR, tax compliance, work environment
Contractual	Agreed in contracts or SLAs	Customer SLAs, supplier agreements
Industry Standards	Expected by industry norms	ISO standards, security best practices
Explicit	Clearly stated by interested party	Customer specifications, employee requests
Implicit	Assumed or generally understood	Professionalism, ethical behavior

Step 3: Assess Relevance to IMS

Determine which requirements are relevant to the IMS (quality, environmental, information security):

Requirement	Relevant to	IMS Implication
GDPR compliance	ISMS	Information security controls for personal data
99.9% SaaS uptime	QMS	Availability monitoring, incident management
Carbon footprint reduction	EMS	Environmental objectives, travel policy
Employee training	All	Competence management, training procedure
Secure software development	ISMS, QMS	Secure SDLC procedure, code reviews

Step 4: Document

Update Interested Parties Register with requirements:

Interested Party	Requirement	Type	Relevant to IMS	How Addressed
Customers	99.9% uptime	Contractual	QMS	Monitoring procedure, SLA reporting
Employees	Career development	Expected	QMS	Training procedure, performance reviews
Regulators (IMY)	GDPR compliance	Legal	ISMS	Data protection controls, privacy policy

Step 5: Link to IMS Processes

Ensure IMS processes address relevant requirements:

Update procedures to incorporate requirements
Define objectives aligned with requirements
Establish metrics to monitor compliance
Include in risk assessment

5.4 Monitoring Changes

Ongoing Monitoring:

Interested parties and their requirements can change. Monitor through:

Source	Frequency	Owner
Customer feedback (surveys, QBRs)	Quarterly	Quality Lead
Employee feedback (engagement surveys, 1-on-1s)	Annual + ongoing	HR Lead
Regulatory updates (legal monitoring)	Monthly	CISO, Legal
Supplier reviews	Quarterly	Procurement / IT
Market intelligence (industry reports, news)	Ongoing	Management Team
Management review	Quarterly	IMS Owner

Trigger Events for Reassessment:

Major customer wins or losses
Significant employee feedback or turnover
New regulations or legal requirements
Strategic partnership or supplier changes
Market disruption or competitive shift
Organizational restructuring
New business lines or service offerings

Process:

Change identified
IMS Owner assesses impact on context and interested parties
Update Context Analysis Report and Interested Parties Register
Update IMS scope, objectives, risks as needed
Communicate changes to relevant staff

6. Determining IMS Scope

Objective: Define the boundaries and applicability of the IMS based on context and interested party requirements

6.1 Scope Definition

The IMS scope defines:

What is covered: Activities, products, services
Where it applies: Locations, facilities
Who it applies to: Organizational units, employees
What standards apply: ISO 9001, ISO 14001, ISO 27001

Current IMS Scope for Swedwise (draft, to be finalized):

Activities:

Software license sales and consulting
Implementation projects
SaaS service delivery (OpenText Communications + Notifications)
Customer support and success
Internal operations and management

Locations:

Karlstad (headquarters)
Stockholm office
Uddevalla office
Remote work locations (employee homes, customer sites)

Organizational Units:

All departments and functions

Standards:

ISO 9001:2015 (Quality Management)
ISO 14001:2015 (Environmental Management)
ISO 27001:2022 (Information Security Management)

Exclusions (if any):

None currently; if exclusions are made, they must be justified and not affect ability to provide conforming products/services or meet requirements.

6.2 Scope Review

The IMS scope is reviewed:

Annually as part of context analysis
When significant changes occur (new locations, new services, organizational changes)
During management review

Approval:

IMS scope approved by Management Team
Documented in IMS Manual (SW-IMS-MAN-001)
Communicated to all staff
Made available to interested parties (customers, certification bodies)

7. Linking Context to IMS Processes

7.1 Strategic Planning

Context analysis and interested party requirements feed into strategic planning:

Context Element	Strategic Planning Input
Strengths	Leverage in market positioning and growth strategy
Weaknesses	Address through improvement initiatives
Opportunities	Pursue through new services, markets, partnerships
Threats	Mitigate through risk management and strategic pivots
Customer requirements	Define quality objectives and service design
Regulatory requirements	Ensure compliance programs and controls
Environmental expectations	Set environmental objectives and targets

7.2 Risk Assessment

Context issues become inputs to risk assessment (SW-IMS-PRO-002):

Context Issue	Risk Type	Example
Small company size	Operational	Resource capacity constraints
Customer concentration	Strategic	Loss of key customer
Cybersecurity threats	Information Security	Ransomware attack
Climate change	Environmental	Carbon footprint reduction expectations
Regulatory changes	Compliance	New data protection requirements

7.3 Objectives and Targets

Interested party requirements inform IMS objectives:

Interested Party	Requirement	IMS Objective
Customers	High satisfaction	NPS ≥ 50
Employees	Career development	40 training hours per employee per year
Regulators	GDPR compliance	Zero major compliance breaches
Owners	Profitable growth	10% YoY revenue growth
Environment	Carbon reduction	-5% YoY carbon footprint

7.4 Performance Monitoring

Context issues and interested party requirements are monitored through KPIs (SW-IMS-PRO-006):

Customer satisfaction surveys
Employee engagement surveys
Compliance audits
Financial performance metrics
Environmental performance metrics
Security incident tracking

8. Inputs and Outputs

Inputs

Previous context analysis results
Industry reports and market intelligence
Customer feedback and requirements
Employee feedback
Regulatory updates
Financial performance data
Risk assessment results
Audit findings
Management team strategic discussions

Outputs

Context Analysis Report
Interested Parties Register (SW-IMS-REG-006)
IMS Scope statement
Strategic objectives
Risk register updates
IMS process updates
Management review input
Communication to organization

9. Roles and Responsibilities

Role	Responsibilities
Management Team	- Participate in context analysis workshop - Provide strategic insights - Approve context analysis results - Define IMS scope - Align strategy with context and requirements - Allocate resources to address context issues
IMS Owner	- Maintain this procedure - Coordinate context analysis process - Facilitate workshops - Maintain Context Analysis Report and Interested Parties Register - Monitor changes in context and requirements - Report context issues in management review - Ensure IMS scope is appropriate
Department Heads	- Participate in context analysis - Provide input on context factors in their areas - Identify interested parties relevant to their functions - Communicate interested party requirements to their teams - Monitor changes affecting their areas
Quality Lead	- Provide input on quality-related context and customer requirements - Monitor customer satisfaction and feedback
Environmental Lead	- Provide input on environmental context factors - Monitor environmental expectations and requirements
CISO	- Provide input on security-related context (threats, regulations) - Monitor cybersecurity landscape
All Employees	- Provide feedback on context factors they observe - Report changes in customer or stakeholder requirements - Understand organizational context and IMS scope

10. Records to Maintain

Record	Retention Period	Location	Owner
Context Analysis Report	7 years	IMS Repository	IMS Owner
Interested Parties Register (SW-IMS-REG-006)	Current + 5 years	IMS Repository	IMS Owner
SWOT Analysis documentation	5 years	IMS Repository	IMS Owner
PESTLE Analysis documentation	5 years	IMS Repository	IMS Owner
IMS Scope statement	Current version + superseded versions for 7 years	IMS Manual	IMS Owner
Context analysis workshop notes	3 years	IMS Repository	IMS Owner

SW-IMS-POL-001 - Integrated Management System Policy
SW-IMS-MAN-001 - IMS Manual (includes IMS scope statement)
SW-IMS-PRO-002 - Risk Assessment Procedure
SW-IMS-PRO-006 - Monitoring and Measurement Procedure
SW-IMS-PRO-XXX - Management Review Procedure (when created)
SW-IMS-PRO-XXX - Strategic Planning Procedure (when created)
SW-IMS-REG-006 - Interested Parties Register

12. Continuous Improvement

This procedure is subject to continuous improvement:

Context analysis methods refined based on effectiveness
Interested party identification expanded as relationships grow
Engagement approaches optimized based on feedback
Integration with strategic planning strengthened

Suggestions for improvement should be submitted using the Improvement Suggestion Form (SW-IMS-FRM-002).

Appendix A: Context Analysis Workshop Agenda

Purpose: Annual comprehensive context analysis
Duration: 4 hours
Participants: Management Team, IMS Owner, Department Heads, Quality/Environmental/Security Leads

Agenda:

Time	Activity	Method
0:00-0:15	Welcome and Introduction - Review purpose and objectives - Review previous context analysis	Presentation
0:15-1:00	Internal Context Analysis - SWOT analysis - Capability assessment - Organizational changes since last analysis	Facilitated discussion, brainstorming
1:00-1:45	External Context Analysis - PESTLE analysis - Competitive landscape - Market trends - Regulatory changes	Facilitated discussion, brainstorming
1:45-2:00	Break	-
2:00-2:45	Interested Parties Analysis - Identify interested parties - Map power-interest matrix - Determine requirements and expectations	Facilitated discussion, stakeholder mapping
2:45-3:30	Implications and Actions - Key changes and significant issues - Implications for IMS scope and processes - Strategic implications - Priority actions	Discussion, prioritization
3:30-4:00	Summary and Next Steps - Summarize key findings - Assign follow-up actions - Confirm next review date - Close	Summary, action planning

Post-Workshop Actions:

IMS Owner drafts Context Analysis Report
Circulate to workshop participants for review
Incorporate feedback
Present to Management Team for approval
Update Interested Parties Register
Update Risk Register with new context-related risks
Update strategic objectives if needed
Update IMS scope if needed
Communicate relevant findings to organization

[List key strengths]

Weaknesses:

[List key weaknesses]

Opportunities:

[List key opportunities]

Threats:

[List key threats]

Organizational Capabilities

Capability	Current State	Target State	Gap	Priority
[Capability]	[Description]	[Description]	[High/Medium/Low]	[High/Medium/Low]

Key Changes Since Last Analysis

[List significant internal changes]

3. External Context Analysis

PESTLE Analysis

Factor	Key Issues	Impact on Swedwise
Political	[Issues]	[Impact]
Economic	[Issues]	[Impact]
Social	[Issues]	[Impact]
Technological	[Issues]	[Impact]
Legal	[Issues]	[Impact]
Environmental	[Issues]	[Impact]

Competitive Landscape

Key Competitors: [List]
Competitive Advantages: [List]
Competitive Threats: [List]
Market Position: [Description]

Market Trends

[List key market trends and implications]

Regulatory Environment

[List key regulations and compliance requirements]

Key Changes Since Last Analysis

[List significant external changes]

4. Interested Parties Analysis

Key Interested Parties

Interested Party	Power	Interest	Quadrant	Key Requirements
[Party]	[H/M/L]	[H/M/L]	[Quadrant]	[Requirements]

Changes in Requirements

[List significant changes in interested party requirements]

5. Implications for IMS

IMS Scope

Current Scope: [Description]
Proposed Changes: [If any]
Rationale: [Explanation]

Strategic Objectives

Alignment: How do current objectives align with context?
Proposed Changes: [If any]

Risk Assessment

New Risks Identified: [List]
Changed Risk Priorities: [List]
Risk Register Update Required: [Yes/No]

Process Changes

Required Process Updates: [List processes needing updates]

6. Actions and Recommendations

Action	Owner	Target Date	Priority
[Action description]	[Name]	[Date]	[H/M/L]

7. Conclusion

Summary of key takeaways and strategic direction.

Approval

Role	Name	Signature	Date
IMS Owner
Management Team Representative

Appendix C: Interested Parties Register Template

See SW-IMS-REG-006 - Interested Parties Register

Sample Entry:

Field	Value
Interested Party	SaaS Customers (large public sector organizations)
Category	Customer
Power	High
Interest	High
Quadrant	Manage Closely
Relevant to	QMS, ISMS, EMS
Contact/Representative	Account Managers, Customer Success Lead
Requirements	- 99.9% service availability - GDPR compliance - ISO 27001 certification - Data residency in Sweden - 24/7 support - Environmental sustainability commitment
Engagement Approach	- Quarterly Business Reviews (QBRs) - Monthly SLA reports - Annual satisfaction surveys - Direct access to Account Manager - Customer portal for support and documentation
How Requirements Addressed in IMS	- Monitoring Procedure (SW-IMS-PRO-006) for SLA tracking - Information Security Policy (SW-ISMS-POL-001) - ISO 27001 certification - Data center partner in Sweden (Entiros) - Support Procedure - Environmental Policy (SW-EMS-POL-001)

Document Control

Version	Date	Author	Changes
1.0	[TBD]	[Author]	Initial release

Approval

Role	Name	Signature	Date
IMS Owner
Management Team Representative