gözde alnıaçık

ISO 27001


4. CONTEXT OF THE ORGANIZATION

Determining the factors that affect your company will guide you in establishing your system.

4.1 Understanding the Organization's Context

The factors that the management system affects and is affected by should be determined as its context.

The issues it is affected by can be defined as external context, and the issues it affects can be defined as internal context.

Note: The internal and external issues are general samples chosen at random; you need to customize and elaborate them for your company's scope.

4.2 Understanding the Needs and Expectations of Interested Parties

The relevant parties that affect the operation of the company should be identified and the environmental needs and expectations of these parties should be determined.

The internal and external issues specified in Article 4.1 serve as a guide in determining the relevant parties.

For example;

4.3 Scope

To determine the boundaries of your company's ISMS, the following should be described:

Subjects of activity

Activity venues

Security and technological infrastructure


In addition, if there is an item that you have excluded from the above elements or the standard, you must describe it here with the reasons.


Example: XYZ Company scope

Subjects of activity: website and mobile application design services

The activity areas are the head office located in Istanbul, Tuzla …., the branch office in Ankara Gölbaşı and the website XYZ design @....

4.4 Management System and Processes

Your company must establish an ISMS within the framework of the ISO 27001 standard, determine the processes it needs, implement them, ensure their continuity and continuously improve them.


The organization should plan actions to prevent/reduce risks and develop opportunities in process management.


5. LEADERSHIP

6. PLANNING

7. SUPPORT

8. OPERATION

9. PERFORMANCE EVALUATION

10. IMPROVEMENT

APPENDIX A








