
#iso31000/2018

5.4.1   Understanding the organization and its context

From ISO 31000:2018

When designing the framework for managing risk, the organization should examine and understand its external and internal context.

Examining the organization's external context may include, but is not limited to:

  • the social, cultural, political, legal, regulatory, financial, technological, economic and environmental factors, whether international, national, regional or local;
  • key drivers and trends affecting the objectives of the organization;
  • external stakeholders' relationships, perceptions, values, needs and expectations;
  • contractual relationships and commitments;
  • the complexity of networks and dependencies.

Examining the organization's internal context may include, but is not limited to:

  • vision, mission and values;
  • governance, organizational structure, roles and accountabilities;
  • strategy, objectives and policies;
  • the organization's culture;
  • standards, guidelines and models adopted by the organization;
  • capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, intellectual property, processes, systems and technologies);
  • data, information systems and information flows;
  • relationships with internal stakeholders, taking into account their perceptions and values;
  • contractual relationships and commitments;
  • interdependencies and interconnections.