Context of the Organization, where is this in Conformio?
Clause 4 (Context of the organization) of ISO 27001:2013 has 4 sub-clauses:
- 4.1 Understanding the organization and its context – ISO 27001 does not require internal and external issues related to the ISMS to be documented. These internal and external issues need to be taken into account when defining the scope (please see the explanation below).
- 4.2 Understanding the needs and expectations of interested parties – the evidence for this sub-clause is the list of applicable legislation and contractual requirements, available in the Register of requirements module, and in the List of Legal, Regulatory, and Contractual Requirements report, generated by this module.
- 4.3 Determining the scope – the evidence of this sub-clause is the ISMS Scope document
- 4.4 Information security management system – all documents and records created in Conformio are evidence for this sub-clause
In case the auditor requests evidence of clause 4.1, you can use the ISMS Scope document and the Risk Assessment and Risk Treatment report, because internal and external issues are used as input for their elaboration.
This article will help you:
- Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
Jan 20, 2022