Beruflich Dokumente
Kultur Dokumente
1 Introduction
2 Scope
To fully understand the information security context of our business we identify all key
internal and external information security issues that are relevant to our operations and
which affect our ability to achieve the intended outcomes of our information security
management system.
This involves:
identifying those parties (“stakeholders”) who receive our products and/or services, or
who may be impacted by them, or who may otherwise have a significant interest in
the information security impacts of our business
identifying and understanding those internal and external issues of concern that
impact on our activities and/or stakeholders
Our stakeholders and relevant internal and external issues are identified and are monitored
as part of management reviews and updated as necessary.
This procedure sets out, in broad terms, our approach to identifying, monitoring, recording
and systematically addressing these influences, opportunities and issues of concern.
3 Revision History
Revision Date Record of Changes Approved By
0.0 [Date of Issue] Initial Issue
7 Responsibilities
The <Senior Management Team> leads this activity and involves knowledgeable staff from
all levels and parts of the organisation in the process.
Political
Economic
Sociological
Technological
Legal
Information security
PESTLE analysis is used to conduct an environment scan; to review competitors, markets
and the situation in which an organisation finds itself.
11 SWOT
Opportunities - elements that the business or project could exploit to its advantage
Threats - elements in the environment that could cause trouble for the business or
project
SWOT is a structured planning method that evaluates those four elements of a project or
business. A SWOT analysis involves specifying objectives and identifying the internal and
external factors that are favorable and unfavorable to achieve those objectives.
We record key issues raised by the PESTLE and SWOT analyses on the Information
Security Context Log.
We record the stakeholders and their issues of concern on the Information Security Context
Log.