Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
iFour ConsultancyISMS Framework: Clause 4 - Context of the organization
Organizational Context - ISMS requirements
The organizational context for implementing and achieving the intended
outcome...
Clause 4.1 Understanding the organization & its context
 Organization should determine the internal and external issues p...
External issues can be described in terms of:
External issues can be determined by:
PESTLE analysis
Clause 4.1 (Continu...
The context also refers to Clause 5.3 of ISO 31000:2009 standard for
establishing internal and external context of the or...
Clause 4.2 Needs and expectations of interested parties
The organization shall determine:
Interested parties relevant to...
Clause 4.2 (Continued)
Examples of requirements by some of the entities mentioned ahead:
Shareholders of your company wa...
The organization shall determine the boundaries and applicability of the
areas of information security system to establis...
Clause 4.3 (Continued)
An organization should identify the functions that are provided by the
organization itself and als...
•Maintain the
ISMS i.e. Monitor
and Review ISMS
•Continually
Improve the ISMS
•Implement and
operate the ISMS
•Establish t...
References
https://wings2i.wordpress.com/2014/10/09/what-is-context-of-the-
organization-for-iso-270012013/
http://www.a...
Upcoming SlideShare
Loading in …5
×

ISO 27001 2013 Clause 4 - context of an organization - by Software development company in india

This PPT focuses on the management clauses of ISO 27001:2013 standards. The management clause 4 of ISMS framework relates to 'Context of the organization'. - by Software development company in india

Reference:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com

  • Be the first to comment

ISO 27001 2013 Clause 4 - context of an organization - by Software development company in india

  1. 1. iFour ConsultancyISMS Framework: Clause 4 - Context of the organization
  2. 2. Organizational Context - ISMS requirements The organizational context for implementing and achieving the intended outcome of its ISMS includes: Organizational Background Context of the Operations Purpose  ISO 27001:2013 has classified the organizational context into: Clause 4.1: Understanding the organization and its context. Clause 4.2: Understanding the needs and expectations of interested parties. Clause 4.3: Determining the scope of ISMS. Clause 4.4: Information Security Management System. Offshore software development company Indiahttp://www.ifourtechnolab.com
  3. 3. Clause 4.1 Understanding the organization & its context  Organization should determine the internal and external issues pertaining to the implementation of ISMS.  Internal issues can be described in terms of:  Internal & External issues can be identified by: SWOT analysis  Image reference: https://www.fullestop.com/blog/analyze-website-swot-analysis/  Organizational structure  Processes  Policies  Internal practices  People (i.e. Resources)  Products  Objectives  Capabilities Offshore software development company Indiahttp://www.ifourtechnolab.com
  4. 4. External issues can be described in terms of: External issues can be determined by: PESTLE analysis Clause 4.1 (Continued)  Market competitors  Differentiators of products  Trends  Environmental aspects  Clients  Legal & Regulatory commitments  Relationship (with supplier/vendor/client)  External stakeholders Political Economic Social Technological Legal Environmental Offshore software development company Indiahttp://www.ifourtechnolab.com
  5. 5. The context also refers to Clause 5.3 of ISO 31000:2009 standard for establishing internal and external context of the organization. Clause 5.3 of ISO 31000:2009 explains the establishment of your unique risk management context. The subsections are: Clause 5.3.1: Establish your risk management parameters. Clause 5.3.2: Establish your organization's external context. Clause 5.3.3: Establish your organization’s internal context. Clause 5.3.4: Establish the context of your risk management process. Clause 5.3.5: Establish your organization’s risk criteria. Clause 4.1 (Continued) Offshore software development company Indiahttp://www.ifourtechnolab.com
  6. 6. Clause 4.2 Needs and expectations of interested parties The organization shall determine: Interested parties relevant to ISMS. Requirements of these Interested parties relevant to ISMS. Interested parties are the stakeholders that influence ISMS operations or they are the ones who are affected by ISMS activities. Interested parties can be any from the following: The requirements of these interested parties includes legal and regulatory requirements and obligations as mentioned in the contract.  Clients  Suppliers/Vendors  Govt. agencies/Regulators  Partners  Employees  Shareholders/Owners Offshore software development company Indiahttp://www.ifourtechnolab.com
  7. 7. Clause 4.2 (Continued) Examples of requirements by some of the entities mentioned ahead: Shareholders of your company want their investment to be secure and they want to earn a good return on their investment.  Image reference: http://www.consilue.com/ Clients want your company to comply with the security clauses in the contracts your company signs with them.  Image reference: http://imgforu.com/login/123?q=39 Govt. agencies want your company to comply with Information Security laws and regulations.  Image reference: http://blog.snobmonkey.com/2015/04/14/why-universities-need-to-get-social/ Offshore software development company Indiahttp://www.ifourtechnolab.com
  8. 8. The organization shall determine the boundaries and applicability of the areas of information security system to establish its scope The scope is determined keeping in mind these factors: The internal and the external issues referred to in Clause 4.1 The requirements of interested parties referred to in Clause 4.2 The interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations  The boundary is the term that considers the organization processes in relevance to information security.  Image reference: http://www.huntinggpsmaps.com/hunt-map-update-overview Clause 4.3 Determining the scope of ISMS Offshore software development company Indiahttp://www.ifourtechnolab.com
  9. 9. Clause 4.3 (Continued) An organization should identify the functions that are provided by the organization itself and also the functions that are provided by external parties which affect the CIA of information within the scope of ISMS. Example: A social networking company relies on its internet service provider. If a failure occurs in providing internet to the social networking site of the company by the internet provider, then availability of the information is compromised. Hence the internet service should be considered while determining the scope of ISMS.  ISO states that the scope of ISMS should be available as documented information Offshore software development company Indiahttp://www.ifourtechnolab.com
  10. 10. •Maintain the ISMS i.e. Monitor and Review ISMS •Continually Improve the ISMS •Implement and operate the ISMS •Establish the ISMS Plan Do CheckAct Clause 4.4 Information Security Management System Offshore software development company Indiahttp://www.ifourtechnolab.com
  11. 11. References https://wings2i.wordpress.com/2014/10/09/what-is-context-of-the- organization-for-iso-270012013/ http://www.aisgcorp.com/how-to-comply-with-clause-4-1-and-4-2-of-isoiec- 270012013/ http://www.slideshare.net/ULDQSInc/iso-27001-transition-to-2013- 03202014 http://advisera.com/27001academy/knowledgebase/explanation-iso- 270012013-clause-4-1-understanding-organization/ http://advisera.com/27001academy/knowledgebase/how-to-identify- interested-parties-according-to-iso-27001-and-iso-22301/ Offshore software development company Indiahttp://www.ifourtechnolab.com

×