Question 1: According to standard 31000, external issues can be: Setting cultural, social, political, legal, financial, technological, etc. But what information about those items do I need in order to be in compliance with section 4.1 of ISO 27001?
Question 2: In which document should I put this information?
Answer:
Point 1: The same is also applicable to ISO 27001. Anyway, this article can help you: "Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)": https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
Point 2: At the end of the article from point 1, you have a link to the document "Procedure for identification of requirements": https://advisera.com/27001academy/documentation/procedure-for-identification-of-requirements/. You can see a free version of this template by clicking on the Free Demo tab, and you can use it for clause 4.1 of the standard.
This question arose after I read this article. Can you give an example of an external context linked to interested parties?
Jan 12, 2016