Guest
Linking the external/internal issues and interested parties to the risk and opportunities
For ISO27001 certification, is there also a need to explicitly identify or link the external/internal issues and interested parties to the risk and opportunities?
Since, for the risk assessment and treatment approach, they often started from an assets perspective.
Expert
Rhand Leal
Aug 23, 2021
ISO 27001 does not require an explicit identification/link between external/internal issues, interested parties, risks, and opportunities, so this issue is not a certification requirement.
The standard only requires that external/internal issues and interested parties are determined.
These articles will provide you with further explanation about internal/external issues and interested parties:
- How to define context of the organization according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/