Organisation & Context

The ISO 27001 standard consists of chapters and Annex A.
Chapters 4 to 10 address a number of topics, each with its own requirements.
In general, the requirement is that every one of these topics is documented.
‘Documented’ means that you need to:

  • describe how you address this topic (i.e. how you organize it)
  • review the content at least once a year

Organization & Context is one of those mandatory topics.

“ISO27001 standard – Chapter 4.1: The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.”

You can make use of the template “Mandatory ISO27001 Topics to document”. This is a template (in PPT) that addresses all mandatory topics in an informal way, using short statements. The template was created and validated for start-up use, has a 95% fit on the content, and also describes the relation between the sections that you will use in Compleye Online.

Please note that the template addresses a number of topics that are related to other sections of Compleye Online. We advise you to read the template; if you cannot check all the topics yet, that is fine, since the final version only needs to be ready when you are close to certification. For now, the template gives you an idea of what you will be working on during the DIY Flow.

A useful way to gain insight into the content of Organization & Context is to define your products, describing for each product: 1. a high-level description, 2. the type of customers, 3. the third parties involved. This leads you to the questions: what is the compliance challenge, and what are the security requirements? If you can answer (and document) those questions, you are complying with ISO27001.

You can customize this with all kinds of information (e.g. add an owner or checkboxes) by using the ‘Add new field’ button.
Multiple products can be added; products can share the same security requirements and compliance challenge if their stakeholders are similar.

This topic is closely related to Interested Parties & Legal Requirements, as this mandatory topic must describe the expectations of all stakeholders.

This will probably be your first experience of the complexity of documenting compliance, and not your last. Do not be discouraged: if you follow our tips and start documenting something, that is a good first step.

| Field | Value / description | Example |
|---|---|---|
| Product name | free text field | Web and App Platform for end-user information |
| Product description | free text field | data analytics on end-user feedback |
| Customers | free text field on who the customers are | Retail Company |
| Third Parties | free text field | Investors, Suppliers, Regulators |
| Compliance challenge | free text field | Ensure the privacy of data and security of data servers |
| Company description | free text [short description of the history or add a sale document to this module via the Procedure / Info | |
