Vault restructure

Corpus/💡Drafts and Ideas/Most Challenging Clauses in ISO 27001.md

@@ -0,0 +1,18 @@
+# Most Challenging Clauses in ISO 27001
+
+Professionals cite difficulties with:
+
+* **Clause 4: Context of the Organization**
+  * defining the organization’s boundaries
+  * determining relevant interested parties
+  * documenting the complex interrelationships among processes required by Clause 4.4.  Show how processes interact and link to business needs
+* **Clause 6: Planning (Risk Assessment and Objectives)**
+  * identifying, evaluating, and treating risks
+  * choosing a risk methodology
+  * ensuring risk assessments meet auditor expectations
+* **Clause 9: Performance Evaluation**
+  * Monitoring, measurement, analysis, and evaluation (especially Clause 9.1), esp. establish meaningful objectives, gather relevant metrics, and provide evidence of improvement.
+* **Clause 10: Improvement (Nonconformity and Corrective Action)**
+  * a systematic approach to identifying, investigating, and tracking corrective actions. 
+* **Annex A Control Mapping and Statement of Applicability**
+  * The breadth of required controls and the need to justify inclusions/exclusions create confusion