Scribd
Upload
28 views5 pages

Context Organisation

This document provides an overview of the context of an organization relevant to its information security management system. It lists internal issues such as a lack of trained resources and time investment required. External issues discussed include potential impacts of legislation changes, relationships with external stakeholders, and technology advances. The document examines these interested parties and issues to understand how they may impact the information security system and if they represent risks needing to be addressed.

Uploaded by

Rizky Syaputra
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
28 views5 pages

Context Organisation

This document provides an overview of the context of an organization relevant to its information security management system. It lists internal issues such as a lack of trained resources and time investment required. External issues discussed include potential impacts of legislation changes, relationships with external stakeholders, and technology advances. The document examines these interested parties and issues to understand how they may impact the information security system and if they represent risks needing to be addressed.

Uploaded by

Rizky Syaputra
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

CONTEXT OF ORGANISATION

Version: [Version Number] Classification: Internal

[Company]

CONTEXT OF

ORGANISATION

Context of Organisation relevant to its ability to achieve the intended outcome(s) of

its information security management system.

Last Reviewed: [Last Reviewed]


Document Owner: [Document Owner]
CONTEXT OF ORGANISATION
Version: [Version Number] Classification: Internal

Document Contents Page

Document Version Control

Document Contents Page......................................................................................................................2

Introduction...........................................................................................................................................3

Internal Issues Overview....................................................................................................................3

External Issues Overview...................................................................................................................4

Internal Issues........................................................................................................................................5

External Issues.......................................................................................................................................5

Interested Parties..................................................................................................................................5

Last Reviewed: [Last Reviewed]


Document Owner: [Document Owner]
CONTEXT OF ORGANISATION
Version: [Version Number] Classification: Internal

Introduction

When building our information security management system, we considered the context of
our organisation. This document lists the interested parties, the internal issues, and the
external issues.

Interested parties are those people and entities that have a direct interest in our information
security management system and have particular requirements. We consider them and their
requirements.

Internal and external issues are issues that can directly impact the information security
management system of the organisation. We consider them and whether they actually
represent an issues to us or not, to show we have considered them. Where there is an
issues, we add it to the risk register and manage it thought risk management.

Internal Issues Overview

Internal Issues are issues that are internal to the organisation and usually are specific to the
organisation. When considering issues, we considered the internal context of the
organization and took account of:

 Governance, organizational structure, roles and accountabilities.


 Policies, objectives, and the strategies that are in place to achieve them
 Capabilities, understood in terms of resources and knowledge (e.g., capital, time,
people, processes, systems and technologies).
 The relationship with and perceptions and values of internal stakeholders.
 The organization’s culture.
 Information systems, information flows and decision-making processes (both formal
and informal).
 Standards, guidelines and models adopted by the organization; and
 Form and extend of contractual relationships.

Last Reviewed: [Last Reviewed]


Document Owner: [Document Owner]
CONTEXT OF ORGANISATION
Version: [Version Number] Classification: Internal

External Issues Overview

External Issues are issues that are external to the organisation and usually general in nature
to the organisation. When considering issues, we considered the external context of the
organization and took account of:

 The social and cultural, political, legal, regulatory, financial, technological, economic,
natural, and competitive environment, whether international, national, regional or
local.
 Key drivers and trends having impact on the objectivies of the organization; and
 Relationships with perceptions and values of external stakeholders.

Last Reviewed: [Last Reviewed]


Document Owner: [Document Owner]
CONTEXT OF ORGANISATION
Version: [Version Number] Classification: Internal

Internal Issues

Internal Issues Overview On Risk Risk Reference


Register?
(y/n)
People Internally there are no resources
trained or experienced in the delivery
of ISO 27001.
Time The implementation and management
of the supporting controls requires a
significant time investment from key
departments and key individuals

External Issues

Issues Overview On Risk


register?
(y/n)
Legislation changes [consider the impact of Data
Privacy laws, impact of topics such
as Brexit.]
Relationship with [Consider the relationship with
external external stakeholders
stakeholders positive/negative describing the
reporting and structure]
Technology [Consider the impact of technology
Advances changes on the business and
information security management
system.]

Last Reviewed: [Last Reviewed]


Document Owner: [Document Owner]

You might also like