iso27diy-corp/Corpus/Literature notes/Context analysis.md

ISO 27001 C 4.1 requires that "the organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system."

No form or method is specified, but there are some well-accepted tools for this.

Frequently mentioned are SWOT and PEST analyses (in one of its forms, see this Wikipedia page).

PEST and variants

PEST:

  • Political
  • Economic
  • Social (incl. cultural)
  • Technological

PESTLE/PESTEL:

  • Legal (ISO C 4.2)
  • Environmental

DESTEP:

  • Demographic
  • Ecological

STEEPLED:

  • Ethical