
Reference Toolkit

5. Statement of Context - Example


The organization’s purpose is to provide IT support and hosting services to both public and
private sector organizations.
XXX Ltd provides two types of service offering:
• Hosting customer supplied and managed equipment only (Type 1)
• Hosting, supplying and supporting equipment and services for the customer (Type 2)
Type 1 customers are all UK-based organizations. Type 2 customers are a mix of UK and
European customers.
Current external issues include: regulatory control of cardholder data (as defined under PCI
DSS), European data protection law, business service providers, environment and specific
third-party issues arising from complaints.
Current internal issues include: skilled technical staff - competence & training, working
conditions, regulatory control, risk controls & corrective actions.
The core processes describe all the processes that are necessary to realize information
security whilst the organization delivers its services to its customers. Document ‘101’ is an
overview of the processes and their interactions. The core processes are listed below:
• Project Management XXX 102
• Customer Supplied Hosting XXX 103
• Supplied Hosting XXX 104
• Customer Support process XXX 105
• Change Management XXX 106
All activities performed by XXX affect the information security management system (ISMS).
The following diagram outlines activities performed by other organizations.

[Diagram: activities performed by other organizations. Labels: Legal; Head Office; Facilities / Estates Management; Site Security; Marketing / Web Design; Payroll Provider; Provider]

ISM02201ENGX v1.0(AD03) Jan 2022 ©The British Standards Institution 2022 1 of 2



Interfaces and dependencies between activities performed by XXX, and those that are
performed by other organizations are defined within Document ‘201’.
Network diagrams ND001, ND002 and ND003 detail the boundaries of the IT infrastructure
within scope of the ISMS.
Legal and other requirements appertaining to the ISMS are documented within LR4.
Requirements of interested parties, relevant to information security, are maintained and
documented within IP2.

