CHAPTER 3: ISO 27001 REQUIREMENTS
As in all ISO standards aligned to Annex SL, the first three clauses define the scope of the standard, the normative references and the terms and definitions used throughout.
ISO 27001 has only one normative reference – ISO 27000, from which the terms and definitions are also taken. Those terms and definitions (only) can be viewed freely online through the preview function of ISO’s online browsing platform.6
4 – Context of the organisation
Clause 4 is concerned with identifying the context in which your organisation operates, to better inform the scope and function of the ISMS. The organisation is expected to determine internal and external issues that are relevant to its purpose, and that could ...