Information to capture external and internal issues
Assign topic to the user
Answer:
Regarding the external issues, the information that you need to capture includes the identification of interested parties and their requirements (interested parties can be employees, suppliers, etc). This article can be interesting for you "How to identify interested parties according to ISO 27001 and ISO 22301" : https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
Regarding the internal issues, you need to make sure that your information security objectives are aligned with the business strategy, perform the risk assessment, determine resources, information security roles and responsibilities, capabilities, etc.
For more information, please read this article “Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)” : https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
By the way, ou r online course can be also interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Feb 25, 2016