| How to consider the context of the organisation

photo

The main thrust of Clause 4.1 and 4.2 in a management system is for the organization to take a higher-level overview of the business – consider the key internal and external factors which impact on the quality and/or environmental management system.

Annex A The Annex A guidance in ISO/IEC 27001:2013 explains this very well:

"The intent of this clause is to provide a high-level, strategic understanding of the important issues that can affect, either positively or negatively, the way the organization manages its environmental responsibilities. The issues of interest are those that affect the organization's ability to achieve the strategic objectives it sets for its environmental management system, which include meeting its environmental policy commitments."

4.1 requires the organisation to consider a wide range of potential factors which can impact on the management system, in terms of its structure, scope, implementation and operation. The areas for consideration quoted in the Annex A guidance are wide-ranging, including:
  • Social
  • Economic
  • National
  • Governance
  • Technological
  • Political