How to implement ISO 27001 Clause 4.1 Understanding The Organisation And Its Context

  1,922 views

Stuart Barker


In this tutorial video I show you how to implement ISO 27001 Understanding The Organisation And Its Context and pass the audit. This step-by-step tutorial walks you through how to implement it and pass the audit, the common mistakes people make, and what an auditor will look for.
Resources and Links
____________________________________________
► Download the Ultimate ISO 27001 Toolkit: hightable.io/ISO-27001-toolkit/
► Read the blog that accompanies the video: hightable.io/iso-27001-clause...
____________________________________________
The ISO 27001 standard was updated in 2022 with changes to ISO 27001 Understanding The Organisation And Its Context. This video covers the ISO 27001:2022 changes to Clause 4.1 and exactly what you need to do.
ISO 27001 Clause 4.1
ISO 27001 Understanding The Organisation And Its Context ensures you have considered what the risks are to your information security management system and that you are managing them effectively. This clause focuses on internal issues and external issues, which are effectively the internal and external risks, and how they can impact your information security management system (ISMS). By addressing the risks to the management system, we can ensure we have a more effective ISMS that is better positioned to be successful.
Chapters
00:00 ISO 27001 Clause 4.1 Understanding The Organisation And Its Context
01:17 What is it?
01:31 What are internal and external issues?
02:05 The purpose of Clause 4.1
02:26 The ISO 27001 standard definition of Clause 4.1
02:49 The requirement
03:19 ISO 27001 Templates
03:38 Context of Organisation Template
03:59 What are internal issues?
04:35 Internal and External Issues Implementation Guidance
06:59 Examples of Internal Issues
07:54 Examples of External Issues
09:57 How to comply with Clause 4.1
10:22 What an auditor will check and look for
11:28 The top 3 mistakes people make
13:00 Why is it important?
13:42 Who is responsible?
14:20 Conclusion
How to implement ISO 27001 Clause 4.1
I am going to go into what internal and external issues are and how to identify and manage them, and I am going to give you examples of internal issues and external issues that you can use.
You will identify the internal and external risks that can apply to your information security management system. For best practice, you will record whether each risk is an actual risk that applies to you, and you will also record risks that could apply that you have considered and discounted.
The internal and external issues will be documented in your context of organisation document. If a risk is identified, a risk reference will be recorded and the internal or external issue will be added to the risk register and managed via risk management.
ISO 27001 Internal Issues examples
People: Internally there are no resources trained or experienced in the delivery of ISO 27001.
Time: The implementation and management of the information security management system and of the supporting controls requires a significant time investment from key departments and key individuals.
ISO 27001 External Issues examples
Economic Climate: Consider the current economic climate and its impact on the business and the information security management system.
Technology Advances: Consider the impact of technology changes on the business and information security management system.
SUBSCRIBE / @stuartbarker
- - - - - - - - - -
#iso27001 #isms

Comments: 2
@madhankumar1811 17 days ago
awesome explanation
@StuartBarker 13 days ago
Thank you. Kind of you to say. I appreciate the feedback.