The ISMS in its context

The primary purpose of the ISMS is to Control information security risks, that may impede on the organization achieving its goals.

The ISMS does not exist in a vacuum. It interacts with the internal and external context of the organization.

An effective ISMS relies on a relationship between / the interplay of organizational goals, its context, threats and risks to the CIA of information, and available resources.