CHAPTER 4: MANAGEMENT FRAMEWORK
ISO 27001 is a specification for an information security management system. Unsurprisingly, therefore, it sets out requirements for a management framework. The fourth step in the ISMS implementation is to create this management framework.
Clause 4 of ISO 27001 says the organisation must identify the needs and expectations of interested parties, as well as the internal context of the organisation, and that these should be taken into account in establishing the scope of the ISMS.
You started to identify these requirements when creating your project risk register, so you should revisit this information and build on it. The external context will include the business and risk environment, what’s going on in your sector, ...