Internal/external issues
>1) What are the internal issues that could influence your information security?
Answer: examples of internal issues are organizational culture, organizational structure, roles and responsibilities, strategies, policies, objectives, available resources, etc.
>2) What are the external issues that could influence your information security?
Answer: examples of internal issues are relationship with customers, government, certification and regulation bodies, political, technological, economic and social environments, among others.
>3) Do we need to document these issues once found?
Answer: documenting the internal and external issues found is not mandatory by ISO 27001:2015, but is highly recommended. This information is used to develop many other mandatory documents (e.g., ISMS scope, required laws and regulations to be followed, security objectives, etc.), so it is a good idea to have a document containing the information that was used to develop the mandatory documents.
For more information you can read these articles:
[How to identify interested parties according to ISO 27001 and ISO 22301](https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//)
[Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization)](https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/)
[List of mandatory documents required by ISO 27001 (2013 revision)](https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/?icn=free-knowledgebase-27001&ici=bottom-list-of-mandatory-documents-required-by-iso-27001-2013-revision-txt)
Nov 01, 2016