Expert Advice Community

Guest

Organizational context

  Quote
Guest
Guest user Created:   May 13, 2017 Last commented:   May 13, 2017

Organizational context

Can you please elaborate different types of context as per ISO 27K prospective? Please provide relevant examples to understand the same.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 13, 2017
Please specify on which type of context organisation has its own controls and on which not?

Answer: For different contexts you can consider banks, hospitals and internet providers. All of them have specific business requirements to drive information security. Banks need to protect account holders financial data, hospitals need to protect patient's health data, and internet providers must protect users data flow. All of them must protect confidentiality, integrity and availability, but for different information, and in different degrees, so they will require different controls set and security levels.

For example, the acceptable delay in providing information for a internet user can be completely different from a hospital patient, leading to a different set of controls.

Regarding responsibility for controls, organizations that run its own IT infrastructure owns much more controls than those which outsource them, for example, by adopting a Software as a Service Solution.

These articles will provide you further explanation about Organizational context:
- Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

These materials will also help you regarding Organizational context:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 13, 2017

May 13, 2017