4.1 – Understanding the Organisation and its Context
One of the elements of ISO 27001:2013 concerns the context of an organisation. This is very helpful, as it ensures that all of your efforts with your ISMS relate back to your organisation’s ‘reason for being’.
The challenges of understanding an organisation’s context
It can be difficult to find information and guidance on what it means to find the right context, and on whether we are considering the correct internal and external issues. Here we guide you through an exercise that we have used for our own company to help you get on the right track with preparing for ISO 27001:2013.
The ISO 27001 auditors are essentially looking to find out about your organisation’s background, the context in which you are operating, as well as your purpose. The way we do that is to identify the internal and external issues that our organisation could face.
Examples of internal issues facing an organisation
The products that you sell
Examples of external issues facing an organisation