Expert Advice Community

ISO 27001 questions about implementation of the standard

Guest user Created:   Apr 19, 2021 Last commented:   Apr 19, 2021

1 - Is it a fundamental prerequisite for certification in the standard?

2 - How deep should the mapping and documentation for the scope be?

3 - Overall, I still have a lot of questions about the topic "Organization context" and everything it should cover ...

Expert
Rhand Leal Apr 19, 2021

1 - Is it a fundamental prerequisite for certification in the standard?

Process mapping is not a prerequisite for ISO 27001 certification, although it is useful to facilitate understanding of the context and the identification of risks. 

2 - How deep should the mapping and documentation for the scope be?

Since this is not a mandatory requirement, just a good practice for understanding the context and establishing the scope, the process mapping does not need to be done, or documented in the scope document.

If the organization decides to carry out the mapping, its level of detail will depend on what the organization considers sufficient to decide that the scope is properly defined.

3 - Overall, I still have a lot of questions about the topic "Organization context" and everything it should cover ...

First, it is important to note that the context of the organization does not need to be documented.

Considering that, the context of the organization is any internal or external factor that can affect the ISMS, and concrete examples of elements of organizational context are:

  • for external issues: geographical location, public infrastructure available, political, economic, social, and technological trends, etc. 
  • for internal issues: organizational culture, processes, and procedures, equipment, financial resources, etc.

Based on these you can identify elements that can help you understand how information security must be considered.

This article will provide you with a further explanation about the Context of the organization for 27001:

These materials will also help you regarding the Context of the organization for 27001:
