Organisation & Context


The ISO 27001 standard consists of chapters and Annex A.
Chapters 4 – 10 address a number of topics with requirements.
In general, the requirement is that all of these topics need to be documented.
‘Documented’ means that you need to:

  • describe how you address this topic (i.e. how you organise it)
  • review the content at least once a year

Organisation & Context is one of these mandatory topics.

“ISO 27001 standard – Chapter 4.1: The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.”

You can make use of the template “Mandatory ISO27001 Topics document”. This is a PowerPoint template that addresses all mandatory topics in an informal way, using short statements. The template was created and validated for start-up use, has a 95% fit on the required content, and also describes the relation between the sections that you will use in Compleye Online.

Please note that the template addresses a number of topics that are related to other sections of Compleye Online. We advise you to read the whole template; if you cannot check off all the topics yet, that is fine. The final version only needs to be ready when you are close to certification. For now, the template gives you an idea of what you will be working on during the DIY Flow.

A useful way to get better insight into the content of Organisation & Context is to define your products, describing for each product: 1. a high-level description, 2. the type of customers, 3. the third parties involved. That leads you to the questions: what is the compliance challenge? and what are the security requirements? If you can answer (and document) those questions, you are complying with ISO 27001.

You can customise this with all kinds of information (e.g. add an owner or checkboxes) by using the ‘Add new field’ button.
Multiple products can be added. Products can share the same security requirements and compliance challenge if their stakeholders are similar.

This topic is closely related to Interested Parties & Legal Requirements, because in this mandatory topic we need to describe the expectations of all stakeholders.

This will probably be your first experience of the complexity of documenting compliance, and not your last. Do not be discouraged: if you follow our tips and start documenting something, that is a good first step.

| Field               | Value / description                      | Example                                                                                                      |
|---------------------|------------------------------------------|--------------------------------------------------------------------------------------------------------------|
| Product name        | free text field                          | Web and App Platform for end-user information                                                                |
| Product description | free text field                          | data analytics on end-user feedback                                                                          |
| Customers           | free text field on who the customers are | Retail Company                                                                                               |
| Third Parties       | free text field                          | Investors, Suppliers, Regulators                                                                             |
| Internal Issues     | free text field                          | Ensure the privacy of data and security of data servers                                                      |
| External Issues     | free text field                          | Ensure the privacy of data and security of data servers                                                      |
| Company description | free text                                | [short description of the history, or add a sales document to this module via the Procedure / Info          |