Internal and external issues and interested parties in ISO 27001

DejanK Created: Jan 12, 2016 Last commented: 1d ago

I've received this question:

Can you help me to find the "internal and external issues" and the "interested parties" in order to understand my organization's context for ISO 27001?

Answer:

Internal issues and external issues will be mostly discovered during the risk assessment process and by identifying interested parties, so in my opinion you don't have to do much more than that. If you want to do an additional step, then you can perform a SWOT analysis (Strengths-Weaknesses-Opportunities-Threats) and a PEST analysis (Political-Economical-Social-Technological impacts).

To identify interested parties, you need to see who can influence the confidentiality, integrity and availability of your information, or who will be influenced by your activities. Normally, these include your customers, partners, government agencies, local community, employees, shareholders, etc.

Guest post Jan 12, 2016
When ISO 31000 says that the risk assessment starts with the identification of issues, then how to proceed?
AntonioS Jan 12, 2016
I am sorry, but ISO 31000 does not say specifically that the risk assessment starts with the identification of issues (I suppose that you mean this). In accordance with ISO 31000 (clause 5.4.1 General): "Risk assessment is the overall process of risk identification, risk analysis and risk evaluation". And in clause 5.4.2 Risk identification, you can read: "The organization should identify sources of risk, areas of impacts, events (including changes in circumstances) and their causes and their potential consequences". So, you can start the risk assessment with the risk identification, then continue with the risk analysis, and finally continue with the risk evaluation.

Anyway, if you are interested in the identification of issues, this article may be interesting for you: "Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)": https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/