What is Context of the Organization for ISO 27001:2013?

The best way to start with the context of the organization is with an information flow diagram, as explained in my previous blog post. This gives a clear picture of the organization as a whole & of its constituent parts. For better understanding, let us split the context into internal & external.

Internal – The internal context of the organization comprises its work culture, internal practices, organization structure, policies, processes, organizational values, objectives, resources, business strategies, expertise & capabilities, etc.

External – The external context includes factors such as market competition, differentiators, supplier/vendor relationships, market trends, the political situation where you operate, clients, environmental aspects, social & cultural aspects, legal & regulatory commitments, relationships, external stakeholders, requirements from all interested parties, etc.

In brief, the context of the organization includes all the internal & external factors that can influence its existence & activities.

For ISO 27001, the context of the organization is all the factors mentioned above that have an influence on achieving the objectives set forth by the organization's information security management system.

You may also refer to Clause 5.3 of ISO 31000:2009 for guidelines pertaining to internal & external context.
