Why does the standard clause use the term Issues in place of Context - ISO 27001 4.1

patkim

Registered Visitor
#1
Hi,
ISO 27001:2013 talks about "Understanding the organization and its context". However, the actual clause 4.1 expects that the organization shall determine the internal and external issues that affect its ability to achieve the intended outcomes.

Why does it refer to the term Issues in place of Context? An organizational context can be anything from aspects of the organization, including its culture, governance, adopted management systems, contractual relationships and capabilities, that are not necessarily issues but simply the current aspects that must be factored in before implementing an ISMS. It can also be any issues that might prevent the organization from achieving its ISMS implementation or objectives.

So why does it refer to determining Issues in place of Context?
Thanks.
 

somashekar

Staff member
Super Moderator
#2
While context is the accepted and well understood environment of the organization and its operations, which could remain stable over a reasonable time, issues are conflicts that affect the organization's abilities to achieve the intended outcome within its context.
You may take several examples...
While employee participation and safety is to context, an employee union at times can be an issue. An internal issue...and likewise.
 
#3
In addition to what Somashekar has rightly pointed out, I believe it is also worth considering the fact that the standard deals with Information Security and - if I remember correctly - since the first draft of the standard we talked about issues. This is because the environment in which information security operates is an environment where issues are the order of the day and where the context is made up of daily problems, attacks and countermeasures to contain them and try to protect their information.
Have a nice day
 
#4
The context is trying to get the organization (top management) to look at what is going on, internally and externally, that may impact on the ability of the ISMS to be effective. For example, Google may soon have a wearable device which functions like Alexa and can access an organization's information. It may be able to "read" (out loud) to the wearer. How might that impact risks on information security? Doing a SWOT analysis (or PESTLE or similar) is a way to look at this - in terms of risks and opportunities.
 