Expert Advice Community

Identify Internal and External issues

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

The standard requires that we identify internal and external issues that are relevant to the organization. According to ISO 31000 these factors could be cultural, political, financial, etc. But which of these factors do I have to collect, and how can they influence information security?

AntonioS Jan 12, 2016

You are right, but remember that ISO 31000 is designed for the management of any type of risk (financial, environmental, etc.). Also remember that ISO 31000 is a guideline, so it is not mandatory. As you know, ISO 27001 is focused on information security, so you need to identify internal and external issues related to it. Anyway, you can read this article where we talk about how to identify internal and external issues, "Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)": https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/

Guest post Jan 12, 2016

I noticed in the article indicated that clause 7.2 is included in internal issues. Must I prove that the people involved in the implementation of the ISMS have the competence to perform these tasks, or should I just have evidence that training was given to all company employees to become aware?

AntonioS Jan 12, 2016

Sorry for the delay! Here you have our answer:

You must prove that the people involved in the implementation of the ISMS have the competence to perform these tasks, and you need to have evidence that training was given to all company employees (mainly those who are involved in the scope of the ISMS) to become aware.

Finally, I recommend that you read this article; I think it will be useful for you: "How to perform training & awareness for ISO 27001 and ISO 22301": https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/

Guest post Jan 12, 2016

Hi, do you have any template for identifying the internal and external parties issues? If yes, please share.

Thanks

G. V. Thanikachalam

AntonioS Jan 12, 2016

Sure, you can use our template for the identification of internal and external parties "Procedure for Identification of Requirements": https://advisera.com/27001academy/documentation/procedure-for-identification-of-requirements/

Also, I recommend that you read this article, "How to identify interested parties according to ISO 27001 and ISO 22301": https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
