Context of the Organisation is a foundational requirement in ISO 27001: organizations must identify and analyze the internal and external factors that affect their Information Security Management System (ISMS). This includes understanding the organization's purpose, scope, stakeholders, and regulatory environment.
Organizations must document their context, including factors that could positively or negatively impact ISMS effectiveness. This understanding informs risk assessments, control selection, and the overall security strategy. Regular review ensures the ISMS remains relevant and effective.