Include geopolitics in the analysis of the external environment.

CONTROL ID
12897

CONTROL TYPE
Business Processes

CLASSIFICATION
Preventive

This Control directly supports the implied Control(s):

Analyze the external environment in which the organization operates., CC ID: 12799

There are no implementation support Controls.

The requirements for each zone should be determined through the risk assessment. The risk assessment should include, but is not limited to, threats like aircraft crashes, chemical effects, dust, electrical supply interference, electromagnetic radiation, explosives, fire, smoke, theft/destruction, vi… (Critical components of information security 8) (ii), Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
Analyze influencing factors in the external context including: - Industry forces - Market - Technology - Societal - Regulatory and legal - Geopolitical - Environmental - Third-party relationships - External opportunities and threats (as part of SWOT (OCEG GRC Capability Model, v. 3.0, L1.1 Analyze the External Context, OCEG GRC Capability Model, v 3.0)