Expert Advice Community

Context of the Organization, where is this in Conformio?

Guest user Created:   Jan 20, 2022 Last commented:   Jan 20, 2022

Where in Conformio are clauses 4.1, 4.2 and 4.3 addressed? We completed stage 1 a few weeks ago and the auditor listed this critical finding: "Cl. 4.0 Context of the Organization is not determined". We are scheduled for stage 2 in 1 week, and need to find/create this document fast.

Expert
Rhand Leal Jan 20, 2022

Clause 4 (Context of the organization) of ISO 27001:2013 has 4 sub-clauses:
- 4.1 Understanding the organization and its context – ISO 27001 does not require internal and external issues related to the ISMS to be documented. These internal and external issues need to be taken into account when defining the scope (please see the explanation below).
- 4.2 Understanding the needs and expectations of interested parties – the evidence for this sub-clause is the list of applicable legislation and contractual requirements, available in the Register of requirements module, and in the List of Legal, Regulatory, and Contractual Requirements report, generated by this module.
- 4.3 Determining the scope – the evidence of this sub-clause is the ISMS Scope document
- 4.4 Information security management system – all documents and records created in Conformio are evidence for this sub-clause

In case the auditor requests evidence of clause 4.1, you can use the ISMS scope document and the Risk assessment and Risk Treatment report, because internal and external issues are used as input for their elaboration.

This article will help you:
- Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
