ISO 27001 Organisation Overview Guide

ISO 27001 Organisation Overview Guide

How to write an ISO 27001 Organisation Overview, what an Organisation Overview is and how to use it, and an Organisation Overview Downloadable Template.

Stuart Barker

What is the ISO 27001 Organisation Overview?

The Organisation Overview collates all the information about your organisation that could and does inform and influence the information security management system.

It is information that you know and brings it together into a hand document to share with auditors and third parties to bring them up to speed on who you are quickly.

It will save you time in the long run and is easy to create and record.

Hargobind shirt laughing to camera - Consultant at High Table

How does it work?

ISO 27001 is an information security management system for your organisation. As it is designed for your organisation you are going to want to tailor certain aspects of it to your needs.

When it comes to the certification audit the auditor is going to want to look at the connection between who you are and the ISMS you have deployed.

ISO 27001 Organisation Overview template

ISO 27001 Organisation Overview Template

ISO 27001 templates can fast track an implementation and the Organisation Overview Template is pre populated with best practice.

Every journey starts with a first step

The first step on the journey is to understand who you are. This is the easiest of all the steps. You certainly know who you are. For the purposes of the ISO 27001 certification you are going to want to write that down. The benefits of writing it down are

  • It will meet the needs of the standard
  • It will set a common vision and answer to who you are
  • You can share with staff, new employees and those new to the organisation

ISO 27001 Organisation Overview Template Walkthrough

What an ISO 27001 Organisation Overview contains

The organisation overview is going to cover

About us

A brief textual overview of who you are. Often people take this from their marketing materials or about us page on their website. Keep it high level but include enough information so someone that does not know you can quickly understand about you.

Your Products and Services

A list of your products and services as your customer would know them. A comprehensive list of what it is that you sell and / or provide to customers.

Your Locations

A list of the locations both real and virtual that company uses. Include as much details as you can from addresses if known to regions or countries for cloud services.

Your Mission Statement

What your companies mission is. If you have one and you know it.

Your Values

The values of the company.

Your Business Objectives

What is the business hoping to achieve over the next 12 months and the long term.

Why it contains these points

Each of the points above can directly influence and impact aspects of the information security management system and how you go about managing risks and controls.

How to create and use an ISO 27001 Organisation Overview

In this short tutorial we show you how you can do it yourself with step by step instructions.

ISO 27001 Organisation Overview Frequently Asked Questions

What is the ISO 27001 Organisation Overview?

It is a document that describes who you are. You use the Organisation Overview to explain to auditors, clients and employees who you are, what your business objectives are, what your values are. It allows you to show, and to make, a connection to the implementation of the information security management system based on who you are.

Do I need an ISO 27001 Organisation Overview?

Yes. And no. You need to be able to show the connection between who you are and why the information security management system is built and implemented the way it is. The information is straightforward and you may have it in other locations. This is fine. It is just easier all round to collate that information into one document and one place to smooth the process of audits.

What is the best format to record and ISO 27001 Organisation Overview In?

The easiest format to record it in is Microsoft Word document. Any word processing package will do.

Who uses The ISO 27001 Organisation Overview?

In reality it used as part of the audit process to demonstrate the connection between who you are and the information security management system you have deployed.

Where do I get a downloadable ISO 27001 Organisation Overview Template?

You can get a downloadable Organisation Overview Template here: https://hightable.io/product/iso-27001-organisation-overview/

What does and ISO 27001 Organisation Overview contain?

It contains information about you. It will include an overview of who you are, what you do, what your business objectives are, what your values are. All information that you already know. As it is all about you.

ISO 27001 Certification

ISO 27001 Templates Toolkit: Business Edition

ISO 27001 Policy Templates: Professional Edition

Shopping Cart