Why does the standard clause use the term Issues in place of Context - ISO 27001 4.1

patkim

#1
Hi,
ISO 27001:2013 states about Understanding the organization and its context. However, the actual clause 4.1 expects that the organization shall determine the internal and external issues that affect its ability to achieve the intended outcomes.

Why does it refer to the term Issues in place of Context? An organizational context can be anything from aspects of the organization including its culture, governance, adopted management systems, contractual relationships, capabilities that are not necessarily issues but simply the current aspects that must be factored in before implementing ISMS. It can also be any issues that might prevent the organization from achieving its ISMS implementation or objectives.

So why does it refer to determining Issues in place of Context?
Thanks.
 
#2
While context is the accepted and well understood environment of the organization and its operations, which could remain stable over a reasonable time, issues are conflicts that affect the organization's abilities to achieve the intended outcome within its context.
You may take several examples...
While employee participation and safety is to context, an employee union at times can be an issue. An internal issue...and likewise.
 
#3
In addition to what Somashekar has rightly pointed out, I believe it is also worth considering the fact that the standard deals with Information Security and - if I remember correctly - since the first draft of the standard we talked about issues. This is because the environment in which information security operates is an environment where issues are the order of the day and where the context is made up of daily problems, attacks and countermeasures to contain them and try to protect their information.
Have a nice day
 
#4
The context is trying to get the organization (top management) to look at what is going on, internally and externally, that may impact on the ability of the ISMS to be effective. For example, Google may soon have a wearable device which functions like Alexa and can access an organization's information. It may be able to "read" (out loud) to the wearer. How might that impact risks on information security? Doing a SWOT analysis (or PESTLE or similar) is a way to look at this - in terms of risks and opportunities.
 