14 Domains of ISO 27001
ISO 27001 requires a company to implement the applicable controls within 14 domains. There are 114 controls under the 14 domains.
Information security policies: controls on how the policies are written and reviewed
Organization of information security: controls on how the responsibilities are assigned; also includes the controls for mobile devices and …
For example, when a mask manufacturer passes an ISO 13485 certification audit by a UK-accredited certification body (such as SGS, BV, Lloyd’s, BSI ..) covering the operation and management of the company, the manufacturer receives a UK-accredited ISO 13485 certificate. The certificate states that the operation and management of the mask manufacturer meet ISO 13485 requirements. However, it cannot be claimed that the mask conforms to ISO 13485, because ISO 13485 is a certification of the company’s management practices, not a certification of the mask itself.
For ISO 9001 risk identification, the company should identify risks from 6 aspects: Political, Economic, Social, Technology, Environmental and Legal.
Moreover, the company conducts a SWOT analysis through a brainstorming meeting. This identifies where the strengths, weaknesses, opportunities and threats are, for improvement.