What an ISO 27001 Context of Organisation contains, how to write it and a downloadable template.
What is Context Of Organisation?
The ISO 27001 Context of Organisation document is a simple document that also serves as a light-touch risk document. It sets the scene for the information security management system by capturing some key information in the early stages of the implementation. These are the things that can influence the information security management system and your implementation.
It looks at 3 main aspects:
Internal Issues – things that are internal to your organisation that have an influence on the capability of the Information Security Management System. It is necessary to understand the internal context.
External Issues – things that are external that have an influence on the capability and operation of the information security management system.
Interested Parties – consider a stakeholder analysis of who they are and what their interests are.
The context of organisation looks, in a structured way, at things that can influence the information security management system of an organisation and records them. It allows you to tweak and tailor the information security management system based on some key considerations. It looks at internal and external influences as well as key stakeholders and their requirements.
ISO 27001 Context of Organisation Tutorial
In this short tutorial we show you how you can use an ISO 27001 Context of Organisation document.