How to write an ISO 27001 Organisation Overview, what an Organisation Overview is and how to use it, and an Organisation Overview Downloadable Template.
What is the ISO 27001 Organisation Overview?
The Organisation Overview collates all the information about your organisation that could and does inform and influence the information security management system.
It is information that you know and brings it together into a hand document to share with auditors and third parties to bring them up to speed on who you are quickly.
It will save you time in the long run and is easy to create and record.
Table of contents
- What is the ISO 27001 Organisation Overview?
- Every journey starts with a first step
- What an ISO 27001 Organisation Overview contains
- Why it contains these points
- How to create and use an ISO 27001 Organisation Overview
- Read Next
How does it work?
Every journey starts with a first step
The first step on the journey is to understand who you are. This is the easiest of all the steps. You certainly know who you are. For the purposes of the ISO 27001 certification you are going to want to write that down. The benefits of writing it down are
- It will meet the needs of the standard
- It will set a common vision and answer to who you are
- You can share with staff, new employees and those new to the organisation
ISO 27001 Organisation Overview Template Walkthrough
What an ISO 27001 Organisation Overview contains
The organisation overview is going to cover
A brief textual overview of who you are. Often people take this from their marketing materials or about us page on their website. Keep it high level but include enough information so someone that does not know you can quickly understand about you.
Your Products and Services
A list of your products and services as your customer would know them. A comprehensive list of what it is that you sell and / or provide to customers.
A list of the locations both real and virtual that company uses. Include as much details as you can from addresses if known to regions or countries for cloud services.
Your Mission Statement
What your companies mission is. If you have one and you know it.
The values of the company.
Your Business Objectives
What is the business hoping to achieve over the next 12 months and the long term.
Why it contains these points
Each of the points above can directly influence and impact aspects of the information security management system and how you go about managing risks and controls.
How to create and use an ISO 27001 Organisation Overview
In this short tutorial we show you how you can do it yourself with step by step instructions.
ISO 27001 Organisation Overview Frequently Asked Questions
It is a document that describes who you are. You use the Organisation Overview to explain to auditors, clients and employees who you are, what your business objectives are, what your values are. It allows you to show, and to make, a connection to the implementation of the information security management system based on who you are.
Yes. And no. You need to be able to show the connection between who you are and why the information security management system is built and implemented the way it is. The information is straightforward and you may have it in other locations. This is fine. It is just easier all round to collate that information into one document and one place to smooth the process of audits.
The easiest format to record it in is Microsoft Word document. Any word processing package will do.
In reality it used as part of the audit process to demonstrate the connection between who you are and the information security management system you have deployed.
You can get a downloadable Organisation Overview Template here: https://hightable.io/product/iso-27001-organisation-overview/
It contains information about you. It will include an overview of who you are, what you do, what your business objectives are, what your values are. All information that you already know. As it is all about you.