Context, Interested Parties, Needs, Expectation and Issues
Details
| Date | Version | Status | Information Classification | Document Template ID | Document No |
|---|---|---|---|---|---|
| 22-01-2020 | 1.6 | Approved | Internal | AMS DOC | AMS-Context-01 |
Revision History
| Date | Version | Description | Author | Reviewed by | Approved by | Approved date |
|---|---|---|---|---|---|---|
| 16-05-2015 | 1.0 | Initial Version | Premanand | Risk owners | BV Suresh Kumar | |
| 15-07-2015 | 1.1 | Added competitors and special interest groups as external interested parties | ||||
| 12-05-2016 | 1.2 | The Organization Context embedded to this document as per Internal Audit Observation.Transition to new MR & ISM | ||||
| 25-07-2017 | 1.3 | Annual Review, Included the updated organization context worksheet | ||||
| 11-08-2017 | 1.4 | Added DSC Guidelines to the context of the Organization | ||||
| 25-03-2019 | 1.5 | Added Office Consolidation under Admin & Facilities | ||||
| 26-12-2019 | 1.6 | Ported to the standard Document format, gave references to Organization Context document | Usha | Shaila | Suresh Kumar | 22-01-2020 |
Acronym Used
| Acronym | Expanded Form |
|---|---|
Objective
- To define Context of the organization, identify interested parties and their needs and expectations from Antares systems Limited in alignment with the ISO 31000:2009, ISO 9001:2015 and ISO 27001: 2013.
Scope
- The scope covers all business functions and information assets of ASL as per the scope specified in latest version of the integrated system manual.
Applicability
- Applies to all functions and management of information.
Process Overview
ASL performs a risk management as per ISO 31000:2009 to ensure that the information security risks faced are comprehensively identified and to adopt appropriate risk management strategies for mitigation. This risk assessment will consider business impact and consequences that may arise owing to a loss of confidentiality, integrity and availability of information or information processing facilities.
image()
Responsibility
- Risk owners are responsible for performing Risk Assessment, Treatment and approval by appropriately identifying and implementing the controls using ISO 27001:2013 and/or any other controls as per business requirements.
Organisation context
Antares Systems has identified the internal and external interested party's needs, expectations and issues relevant to information security management system.
The external context of the organization includes Political, Economic, Cultural, and Sociological, legal, statutory, regulatory and contractual obligations are considered. These are captured in: Organization Context document.
The external interested parties includes:
National and International Customers
Strategic partners
Technological partners
Certifying bodies
State and Central Government
Third party service providers
Competitors
Special interest groups
The internal interested parties includes:
Company Directors
Employees
Organization values
Organization vision, mission & goals
Objectives
Organizational processes and functions
Products, projects and services.
Location
The internal interested parties includes:
Management
Employees
QMS & ISMS
HR & Training
Software Development
IT
Admin & Facilities
Customer support
Supplier Management /Help Desk
Finance
Special Interest Groups
New Security Threats and Vulnerabilities
Current Global Cyber Threat Scenario
Legal & Regulatory Requirements
External Interested Parties needs Expectations and Issues
- Refer Organization Context document for details.
References
| Srl. | Document/Section Name |
| ASL Business Continuity Plan | |
| Organization Context document |