Expert Advice Community

ISO 27001 - Context of Organization

Guest user Created:   Dec 17, 2020 Last commented:   Dec 17, 2020

Does ISO 27001 say that organizations have to understand internal and external issues, interested parties and their requirements when defining the ISMS scope? Is it correct to say "YES"? Or does the understanding have to take place BEFORE, and not DURING or WHEN?

Expert
Rhand Leal Dec 17, 2020

ISO 27001 clause 4.3 (Determining the scope of the information security management system) requires an organization to consider the following when defining the ISMS scope:

  • internal and external issues that are relevant to the organization's purpose and that can affect, or be affected by, the intended results of the ISMS
  • the requirements of interested parties
  • interfaces and dependencies between activities that are, and are not, considered for the ISMS scope

To consider something, you need to understand it. The standard does not define when this information needs to be gathered and understood, but the sooner it is available, the faster you will be able to define an ISMS scope that is relevant to, and integrated with, the organization's operations.

These articles will provide you a further explanation about scope definition:

These materials will also help you regarding scope definition:
