Definition(s)
ISO/IEC 27000:2014, Information technology
Internal environment in which the organization seeks to achieve its objectives.
[SOURCE: ISO Guide 73:2009]
- Note 1 to entry: Internal context can include:
  - governance, organizational structure, roles and accountabilities;
  - policies, objectives, and the strategies that are in place to achieve them;
  - the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
  - information systems, information flows and decision-making processes (both formal and informal);
  - relationships with, and perceptions and values of, internal stakeholders;
  - the organization’s culture;
  - standards, guidelines and models adopted by the organization; and
  - form and extent of contractual relationships.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards
Internal context
Internal environment in which the organization seeks to achieve its objectives.
- NOTE Internal context can include:
  - governance, organizational structure, roles and accountabilities;
  - policies, objectives, and the strategies that are in place to achieve them;
  - the capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
  - information systems, information flows and decision-making processes (both formal and informal);
  - relationships with, and perceptions and values of internal stakeholders;
  - the organization’s culture;
  - standards, guidelines and models adopted by the organization; and
  - form and extent of contractual relationships.
Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards