

ISO/IEC 27003:2017 pdf download. Information technology - Security techniques - Information security management systems - Guidance.

ISO/IEC 27003:2017 provides explanation and guidance on ISO/IEC 27001:2013.

4.1 Understanding the organization and its context

The organization determines external and internal issues relevant to its purpose and affecting its ability to achieve the intended outcome(s) of the information security management system (ISMS). As an integral function of the ISMS, the organization continually analyses itself and the world surrounding it. This analysis is concerned with external and internal issues that in some way affect information security and how information security can be managed, and that are relevant to the organization's objectives.

4.2 Understanding the needs and expectations of interested parties

The organization determines interested parties relevant to the ISMS and their requirements relevant to information security. Interested party is a defined term (see ISO/IEC 27000:2016, 2.41) that refers to persons or organizations that can affect, be affected by, or perceive themselves to be affected by a decision or activity of the organization.
