Expert Advice Community


Context of the organization in ISO 27001

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

What does it mean: context of the organization? The auditor wants to see the "Context of the organization" chapter in the ISMS. Can you help me with what to write in it?

DejanK Jan 12, 2016

Clause 4 (Context of the organization) of ISO 27001:2013 has 4 sub-clauses:
- 4.1 Understanding the organization and its context - this does not need to be documented
- 4.2 Understanding the needs and expectations of interested parties - you need to produce a list of applicable legislation and contractual requirements because of control A.18.1.1
- 4.3 Determining the scope - you must write a scope document
- 4.4 Information security management system - you don't have to write a separate document for this sub-clause

These articles will help you:
- Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

Guest post Jan 12, 2016

Hello Dejan,

Related to 4.1 Understanding the organization and its context: you say this does not need to be documented; does it mean that it's not necessary to write anything about this requirement? Maybe the auditor will search for evidence in order to be compliant with this requirement.

Thanks

AntonioS Jan 12, 2016

Yes, you are right, it is not necessary to have a document for clause 4.1, but the auditor can request evidence of implementation from you. If you want to know the list of mandatory documents of the standard, please see this article "List of mandatory documents required by ISO 27001 (2013 revision)": https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
