P
Hi,
ISO 27001 2013 states about Understanding the organization and its context. However the actual clause 4.1 expects that the organization shall determine the internal and external issues that affect its ability to achieve the intended outcomes.
Why does it refer to the term Issues in place of Context? An organizational context can be anything from aspects of the organization including its culture, governance, adopted management systems, contractual relationships, capabilities that are not necessarily issues but simply the current aspects that must be factored in before implementing ISMS. It can also be any issues that might prevent the organization from achieving its ISMS implementation or objectives.
So why does it refer to determining Issues in place of Context?
Thanks.
ISO 27001 2013 states about Understanding the organization and its context. However the actual clause 4.1 expects that the organization shall determine the internal and external issues that affect its ability to achieve the intended outcomes.
Why does it refer to the term Issues in place of Context? An organizational context can be anything from aspects of the organization including its culture, governance, adopted management systems, contractual relationships, capabilities that are not necessarily issues but simply the current aspects that must be factored in before implementing ISMS. It can also be any issues that might prevent the organization from achieving its ISMS implementation or objectives.
So why does it refer to determining Issues in place of Context?
Thanks.