Clauses 4.1 and 4.2 in a software development organization
Your question is very common, and these are points where ISO 27001 has been aligned with other ISOs, but don't worry, we can help you to understand this point. Regarding the context, please read this article, which will be very helpful for you: "Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)": https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/. For example, for internal issues you must make sure that your information security objectives are aligned with the business strategy. In your business: improve the security of the source code by establishing security controls.
Regarding the interested parties, please read this article, "How to identify interested parties according to ISO 27001 and ISO 22301": https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//. In your case, interested parties can be developers, the Internet Service Provider, etc.
Please let us know if you need more help.
Jan 12, 2016