Solutions The best route to security compliance
Platform A powerful suite of ISMS features
Resources Everything you need to know
Knowledge Base Learn more about infosec
Company Security and customers first

ISO 27001 Clause 4.1: Understanding The Organisation And Its Context

Read the requirements of ISO 27001 Clause 4.1: Understanding the Organisation and Its Context, which ensures that the organisation determines external and internal issues relevant to the achievement of ISMS objectives.

“The organisation shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.”

As an organisation, you need to understand all internal and external issues that may be relevant to your business goals and the achievement of the information security management system (ISMS) objectives.

Internal issues include organisational structure, policies and guidelines, roles and responsibilities of inter alia staff, management and stakeholders.

External issues include the political environment, laws and regulations, technological advancements, economic trends etc.

Understanding the organisation's context and related issues will give you a clearer view of the organisation, allowing you to properly define the scope of the ISMS and effectively implement.