Understanding the organization and its context

Guest user. Created: Jun 18, 2020. Last commented: Jun 18, 2020.

1. Can you provide any guidance or clarity on defining Clause 4.1 of ISO 27001, determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system?

2. Also, where is this typically documented?

Expert
Rhand Leal Jun 18, 2020

1. Can you provide any guidance or clarity on defining Clause 4.1 of ISO 27001, determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system?

Examples of external issues are: geographical location, public infrastructure available, political, economic, social and technological trends, etc.
Examples of interested parties: clients, suppliers, top management, and employees, etc.
Examples of internal issues are: organizational culture, processes, and procedures, equipment, financial resources, etc.

This article can help you:

2. Also, where is this typically documented?

ISO 27001 does not require documenting the context of the organization, and this is especially not recommended for smaller organizations - you only need to take into account the context of the organization when defining the scope and doing the risk assessment.
