ISO 27001 Organisation Overview Guide

Home / ISO 27001 Templates / ISO 27001 Organisation Overview Guide

In this article I lay bare how to write, deploy and implement an ISO 27001 Organisation Overview. A beginners guide, exposing the insider trade secrets, giving you the templates that will save you hours of your life and showing you exactly what you need to do to satisfy it for ISO 27001 certification. We show you exactly what changed in the ISO 27001:2022 update. I am Stuart Barker the ISO 27001 Ninja and this is the ISO 27001 Organisation Overview.

What is the ISO 27001 Organisation Overview?

The Organisation Overview collates all the information about your organisation that could and does inform and influence the information security management system.

It is information that you know and brings it together into a hand document to share with auditors and third parties to bring them up to speed on who you are quickly. We document an overview of who we and at the same time we define the ISO 27001 Context of Organisation requirements.

It will save you time in the long run and is easy to create and record.

How does it work?

ISO 27001 is an information security management system for your organisation. As it is designed for your organisation you are going to want to tailor certain aspects of it to your needs.

When it comes to the certification audit the auditor is going to want to look at the connection between who you are and the ISMS you have deployed.

DO IT YOURSELF ISO 27001

STOP SPANKING £10,000s

ISO 27001 Toolkit

ISO 27001 Organisation Overview Template

ISO 27001 Organisation Overview Template

Every journey starts with a first step

The first step on the journey is to understand who you are. This is the easiest of all the steps. You certainly know who you are. For the purposes of the ISO 27001 certification you are going to want to write that down. The benefits of writing it down are

  • It will meet the needs of the standard
  • It will set a common vision and answer to who you are
  • You can share with staff, new employees and those new to the organisation

ISO 27001 Organisation Overview Template Walkthrough

What an ISO 27001 Organisation Overview contains

The organisation overview is going to cover

About us

A brief textual overview of who you are. Often people take this from their marketing materials or about us page on their website. Keep it high level but include enough information so someone that does not know you can quickly understand about you.

Your Products and Services

A list of your products and services as your customer would know them. A comprehensive list of what it is that you sell and / or provide to customers.

Your Locations

A list of the locations both real and virtual that company uses. Include as much details as you can from addresses if known to regions or countries for cloud services.

Your Mission Statement

What your companies mission is. If you have one and you know it.

Your Values

The values of the company.

Your Business Objectives

What is the business hoping to achieve over the next 12 months and the long term.

Why it contains these points

Each of the points above can directly influence and impact aspects of the information security management system and how you go about managing risks and controls.

How to create and use an ISO 27001 Organisation Overview

In this short ISO 27001 Organisation Overview tutorial we show you how you can do it yourself with step by step instructions.

ISO 27001 Organisation Overview Frequently Asked Questions

What is the ISO 27001 Organisation Overview?

It is a document that describes who you are. You use the Organisation Overview to explain to auditors, clients and employees who you are, what your business objectives are, what your values are. It allows you to show, and to make, a connection to the implementation of the information security management system based on who you are.

Do I need an ISO 27001 Organisation Overview?

Yes. And no. You need to be able to show the connection between who you are and why the information security management system is built and implemented the way it is. The information is straightforward and you may have it in other locations. This is fine. It is just easier all round to collate that information into one document and one place to smooth the process of audits.

What is the best format to record and ISO 27001 Organisation Overview In?

The easiest format to record it in is Microsoft Word document. Any word processing package will do.

Who uses The ISO 27001 Organisation Overview?

In reality it used as part of the audit process to demonstrate the connection between who you are and the information security management system you have deployed.

Where do I get a downloadable ISO 27001 Organisation Overview Template?

You can get a downloadable Organisation Overview Template at High Table the ISO 27001 Company.

What does an ISO 27001 Organisation Overview contain?

It contains information about you. It will include an overview of who you are, what you do, what your business objectives are, what your values are. All information that you already know. As it is all about you.

Which clause of ISO 27001 covers Organisation Overview?

Organisation Overview is covered in ISO 27001:2022 Clause 4.1 Understanding The Organisation And Its Context

Stuart - High Table - ISO27001 Ninja - 3
ISO 27001 Toolkit Business Edition

Do It Yourself ISO27001 with the Ultimate ISO27001 Toolkit

Stop Spanking £10,000s on Consultants and ISMS Online Tools.

March Deal – Life Time Access – Save 50%