Expert Advice Community

Guest

Linking the external/internal issues and interested parties to the risk and opportunities

  Quote
Guest
Guest user Created:   Aug 23, 2021 Last commented:   Aug 23, 2021

Linking the external/internal issues and interested parties to the risk and opportunities

For ISO27001 certification, is there also a need to explicitly identify or link the external/internal issues and interested parties to the risk and opportunities? Since for risk assessment and treatment approach, they often started from assets perspective.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 23, 2021

ISO 27001 does not require an explicit identification/link between external/internal issues, interested parties, risks, and opportunities, so this issue is not a certification requirement.

The standard only requires that external/internal issues, interested parties are determined.

These articles will provide you a further explanation about internal/external issues and interested parties:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 23, 2021

Aug 23, 2021