Thanks Andyn and John
Andyn, What I understand, i´ll explain it in a simple manner.
Regarding to context: In a strategic thinking, I have to identify issues, external and internal, positive and negatives and monitoring and reviewing them.
Then, based on this I have to draw my strategy to guide my company at reaching my goals.
Regarding to interested parties:
I have to identify persons/organizations and also their reason to include them, also their requirements.
If I don´t comply their requirements, I may not reach my purposes.
also because negative issues on their side.
For that, I have an excel file where I show the way I´m approaching Context and interested parties.
It is pending to define the responsibles for monitoring and reviewing and the method to do it, please comment on this.
Do you think that auditor will ask evidences of this two activities (monitoring and reviewing)?
Thanks a lot.
PD
The way I´m considering the risk is:
Im not considering the risk directly from the CTX and Int. Parties, instead,
(6.1) at planning the system, I try to understand CTX and IP, afterwards I try to detect Risks and Opportunities.