Why does the standard clause use the term Issues in place of Context - ISO 27001 4.1

patkim

#1
Hi,
ISO 27001 2013 states about Understanding the organization and its context. However the actual clause 4.1 expects that the organization shall determine the internal and external issues that affect its ability to achieve the intended outcomes.

Why does it refer to the term Issues in place of Context? An organizational context can be anything from aspects of the organization including its culture, governance, adopted management systems, contractual relationships, capabilities that are not necessarily issues but simply the current aspects that must be factored in before implementing ISMS. It can also be any issues that might prevent the organization from achieving its ISMS implementation or objectives.

So why does it refer to determining Issues in place of Context?
Thanks.
 
somashekar

#2
While context is the accepted and well understood environment of the organization and its operations, which could remain stable over a reasonable time, issues are conflicts that affect the organization's ability to achieve the intended outcome within its context.
You may take several examples...
While employee participation and safety are part of the context, an employee union at times can be an issue. An internal issue...and likewise.
 
#3
In addition to what Somashekar has rightly pointed out, I believe it is also worth considering the fact that the standard deals with Information Security and - if I remember correctly - since the first draft of the standard we have talked about issues. This is because the environment in which information security operates is an environment where issues are the order of the day and where the context is made up of daily problems, attacks and countermeasures to contain them and try to protect the organization's information.
Have a nice day
 
#4
The context is trying to get the organization (top management) to look at what is going on, internally and externally, that may impact on the ability of the ISMS to be effective. For example, Google may soon have a wearable device which functions like Alexa and can access an organization's information. It may be able to "read" (out loud) to the wearer. How might that impact risks on information security? Doing a SWOT analysis (or PESTLE or similar) is a way to look at this - in terms of risks and opportunities.
 