My main 'job' is to find out where my organization stands and what they should do in order to get ISO27001 certified. Do you have any tips or directions or questions that I should keep in mind while trying to gather as much information about the company as possible?
Answer: Following the sequence recommended to implement an ISMS, you should start by identifying the organizational context, the internal and external issues considered most relevant to the ISMS (e.g., geographical location, organizational culture, public infrastructure available, etc.), and the interested parties, the relevant people with an interest in the ISMS results (e.g., clients, suppliers, top management, employees, etc.). By knowing the internal and external issues and the interested parties, you can start thinking about which kinds of questions you should ask.