Text description
| Clause | ISO/IEC 27001: 2013 | Clause |
|---|---|---|
| 1 | This International Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. | 1 |
| 2 | The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. | 2 |
| 3 | ISO and IEC maintain terminology databases for use in standardization at the following addresses: — ISO Online browsing platform: available at iso/obp — IEC Electropedia: available at electropedia/ | 3 |
| 4.1 | NOTE Determining these issues refers to establishing the external and internal context of the organization considered in Clause 5.3 of ISO 31000:2009. | 4.1 |
| 4.2 (b) | The organization shall determine:….b) the requirements of these interested parties relevant to information security. | 4.2 (b) |
| 4.2 | c) which of these requirements will be addressed through the information security management system. | 4.2 (c) |
| 4.2 | NOTE The requirements of interested parties may include legal and regulatory requirements and contractual obligations. | 4.2 |
| 4.4 | The organization shall establish, implement, maintain and continually improve an information security management system, in accordance with the requirements of this International Standard. | 4.4 |
| 5.1 | NOTE Reference to “business” in this document can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence. | 5.1 |
| 5.2 | c) includes a commitment to satisfy applicable requirements related to information security; and” | 5.2 |
| 5.3 | Top management shall ensure that the responsibilities and authoriti | |