
Expert Advice Community

Internal and external issues and interested parties in ISO 27001

DejanK Created: Jan 12, 2016 Last commented: Jan 12, 2016

I've received this question: Can you help me to find the "internal and external issues" and the "interested parties" in order to understand my organization's context for ISO 27001?

Answer: Internal issues and external issues will be mostly discovered during the risk assessment process and by identifying interested parties, so in my opinion you don't have to do much more than that. If you want to do an additional step, then you can perform a SWOT analysis (Strengths-Weaknesses-Opportunities-Threats) and a PEST analysis (Political-Economic-Social-Technological impacts). To identify interested parties, you need to see who can influence the confidentiality, integrity and availability of your information, or who will be influenced by your activities. Normally, these include your customers, partners, government agencies, local community, employees, shareholders, etc.
Guest post Jan 12, 2016

When ISO 31000 says that the risk assessment starts with the identification of issues, then how do I proceed?

AntonioS Jan 12, 2016

I am sorry, but ISO 31000 does not say specifically that the risk assessment starts with the identification of issues (I suppose that is what you mean). In accordance with ISO 31000 (clause 5.4.1 General): "Risk assessment is the overall process of risk identification, risk analysis and risk evaluation". And in clause 5.4.2 Risk identification, you can read: "The organization should identify sources of risk, areas of impacts, events (including changes in circumstances) and their causes and their potential consequences". So, you can start the risk assessment with the risk identification, then continue with the risk analysis, and finally continue with the risk evaluation.

Anyway, if you are interested in the identification of issues, this article may be interesting for you, "Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)": https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
