Expert Advice Community


Understanding the organization and its context

Guest user, Created: Jun 18, 2020, Last commented: Jun 18, 2020


1. Can you provide any guidance or clarity on defining Clause 4.1 of ISO 27001, "determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system"?

2. Also, where is this typically documented?


Expert
Rhand Leal Jun 18, 2020

1. Can you provide any guidance or clarity on defining Clause 4.1 of ISO 27001, "determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system"?

Examples of external issues are: geographical location, public infrastructure available, political, economic, social and technological trends, etc.
Examples of interested parties: clients, suppliers, top management, and employees, etc.
Examples of internal issues are: organizational culture, processes, and procedures, equipment, financial resources, etc.

This article can help you:

2. Also, where is this typically documented?

ISO 27001 does not require documenting the context of the organization, and this is especially not recommended for smaller organizations - you only need to take the context of the organization into account when defining the scope and doing the risk assessment.
