Identify Internal and External issues
Assign topic to the user
You are right, but remember that ISO 31000 is designed for the management of any type of risk (financial, environmental, etc). Also remember that ISO 31000 is a guideline, so it is not mandatory. As you know, ISO 27001 is focused in information security, so you need to identify internal and external issues related to it. Anyway, you can read this article where we talk about how to identify internal and external issues Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)": https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
I noticed in the article indicated that the clause 7.2 is included in internal issues. I must prove that people involved in the implementation of the ISMS has competence to perform these tasks, or should I just have evidence that gave training to all company employees to become aware?
Sorry for the delay! Here you have our answer:
You must prove that people involved in the implementation of the ISMS has competence to perform these tasks, and you need to have evidence that gave training to all company employees (mainly those who are involved in the scope of the ISMS) to become aware.
Finally, I recommend you to read this article, I think that will be useful for you "How to perform training & awareness for ISO 27001 and ISO 22301" : https://advisera.com/27001academy/blog/2014/05/19/how-to-perform-training-awareness-for-iso-27001-and-iso-22301/
Hi, do you have any template for identify the internal and external parties issues, if yes please share.
Thanks
G. V. Thanikachalam
Sure, you can use our template for the identification of internal and external parties "Procedure for Identification of Requirements": https://advisera.com/27001academy/documentation/procedure-for-identification-of-requirements/
Also I recommend you to read this article "How to identify interested parties according to ISO 27001 and ISO 22301": https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
Comment as guest or Sign in
Jan 12, 2016