graphgrc

ISO 27001 - 4 - Context of the organization

4.1

Understanding the organization and its context

The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.

Mapped SCF controls

4.2.a

Understanding the needs and expectations of interested parties, part a)

The organization shall determine: a) interested parties that are relevant to the information security management system.

Mapped SCF controls

4.2.b

Understanding the needs and expectations of interested parties, part b)

The organization shall determine: b) the relevant requirements of these interested parties. Note: the requirements of interested parties include legal and regulatory requirements and contractual obligations.

Mapped SCF controls

4.2.c

Understanding the needs and expectations of interested parties, part c)

The organization shall determine: c) which of these requirements will be addressed through the information security management system.

Mapped SCF controls

4.3.a

Determining the scope of the information security management system, part a)

The organization shall determine the boundaries and applicability of the information security management system to establish its scope. When determining this scope, the organization shall consider: the external and internal issues referred to in 4.1. The scope shall be available as documented information.

Mapped SCF controls

4.3.b

Determining the scope of the information security management system, part b)

The organization shall determine the boundaries and applicability of the information security management system to establish its scope. When determining this scope, the organization shall consider: the requirements referred to in 4.2. The scope shall be available as documented information.

Mapped SCF controls

4.3.c

Determining the scope of the information security management system, part c)

The organization shall determine the boundaries and applicability of the information security management system to establish its scope. When determining this scope, the organization shall consider: interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations. The scope shall be available as documented information.

Mapped SCF controls

4.4

Information security management system

The organization shall establish, implement, maintain, and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.

Mapped SCF controls