Security Policy: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 4: | Line 4: | ||
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system. | The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system. | ||
<small>NOTE Determining these issues refers to establishing the external and internal context of the organization | <small>NOTE Determining these issues refers to establishing the external and internal context of the organization considered in Clause 5.3 of ISO 31000:2009[5]. </small> | ||
considered in Clause 5.3 of ISO 31000:2009[5]. </small> | |||
=== Understanding the needs and expectations of interested parties=== | === Understanding the needs and expectations of interested parties=== | ||