gözde alnıaçık

ISO 9001 / ISO 27001


4. CONTEXT OF THE ORGANIZATION

Determining the factors that affect your company will guide you in establishing your system.

4.1 Understanding the Organization's Context

The factors that the management system affects and is affected by should be determined as a context.

The issues that it is affected by can be defined as external context, and the issues that it affects can be defined as internal context.

Note: The internal and external issues are sampled at random with a general approach; you need to customize and elaborate them to fit your company's scope.

4.2 Understanding the Needs and Expectations of Interested Parties

The relevant parties that affect the operation of the company should be identified and the environmental needs and expectations of these parties should be determined.

The internal and external issues specified in Article 4.1 are of a guiding nature in determining the relevant parties.

For example;

4.3 Scope

The scope determines the boundaries of your company's management system. The following should be described:

Subjects of activity

Activity venues

Security and technological infrastructure


In addition, if there is an item that you have excluded from the above elements or the standard, you must describe it here with the reasons.


Example: XYZ Company scope

Subjects of activity: website and mobile application design services

The activity areas are the head office located in Istanbul, Tuzla …., the branch office in Ankara Gölbaşı and the website XYZ design @....

4.4 Management System and Processes

The administrative, support and operational processes that your company needs should be determined, and the procedures should be described using the determined method in accordance with ISO 9001 and 27001. These processes may be aimed at measuring/developing customer satisfaction, evaluating process performance, organizing training, implementing internal audits, organizing corrective actions, and defining access permissions and access authorizations. In addition to these examples, operational processes should also be prepared for the necessary planning, application control, etc. stages in accordance with the company's own operation.

You can describe your process under a procedure, draw a flow chart, or determine an alternative method.

Processes should be continually reviewed and updated when necessary, based on continuous improvement principles.

Below is an example of a process interaction diagram prepared for a company engaged in Engineering Management and R&D activities, followed immediately by an example of an "Internal Audit Process" prepared with process flow diagram logic according to the requirements of the internal audit process in the diagram.


Note: The examples shared in the figures above are based entirely on assumptions. They can be changed or improved depending on each company's scope, field of activity and structure.

5. LEADERSHIP

6. PLANNING

7. SUPPORT

8. OPERATION

9. PERFORMANCE EVALUATION

10. IMPROVEMENT

APPENDIX A








