
Why does the standard clause use the term Issues in place of Context - ISO 27001 4.1


patkim

#1
Hi,
ISO 27001 2013 states about Understanding the organization and its context. However, the actual clause 4.1 expects that the organization shall determine the internal and external issues that affect its ability to achieve the intended outcomes.

Why does it refer to the term Issues in place of Context? An organizational context can be anything from aspects of the organization including its culture, governance, adopted management systems, contractual relationships, capabilities that are not necessarily issues but simply the current aspects that must be factored in before implementing ISMS. It can also be any issues that might prevent the organization from achieving its ISMS implementation or objectives.

So why does it refer to determining Issues in place of Context?
Thanks.
 

somashekar

Staff member
Super Moderator
#2
While context is the accepted and well understood environment of the organization and its operations, which could remain stable over reasonable time, issues are conflicts that affect the organization's abilities to achieve the intended outcome within its context.
You may take several examples...
While employee participation and safety is to context, an employee union at times can be an issue. An internal issue...and likewise.
 
#3
In addition to what Somashekar has rightly pointed out, I believe it is also worth considering the fact that the standard deals with Information Security and - if I remember correctly - since the first draft of the standard we talked about issues. This is because the environment in which information security operates is an environment where issues are the order of the day and where the context is made up of daily problems, attacks and countermeasures to contain them and try to protect their information.
Have a nice day
 
#4
The context is trying to get the organization (top management) to look at what is going on, internally and externally, that may impact on the ability of the ISMS to be effective. For example, Google may soon have a wearable device which functions like Alexa and can access an organization's information. It may be able to "read" (out loud) to the wearer. How might that impact risks on information security? Doing a SWOT analysis (or PESTLE or similar) is a way to look at this - in terms of risks and opportunities.
 