
Include society in the analysis of the external environment.


CONTROL ID: 12963
CONTROL TYPE: Business Processes
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Analyze the external environment in which the organization operates. (CC ID: 12799)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Economic, environmental, human rights, and other societal challenges at local, regional, and global levels related to the organization's sectors and the geographic location of its activities and business relationships (e.g., climate change, lack of law enforcement, poverty, political conflict, water… (§ 1. Step 1. Sustainability context ¶ 1 Bullet 1, GRI 3: Material Topics 2021)
  • Analyze influencing factors in the external context including: - Industry forces - Market - Technology - Societal - Regulatory and legal - Geopolitical - Environmental - Third-party relationships - External opportunities and threats (as part of SWOT (OCEG GRC Capability Model, v. 3.0, L1.1 Analyze the External Context, OCEG GRC Capability Model, v 3.0)
  • While not defined as stakeholders, the natural environment and society as a whole should also be considered by the governing body in its decision-making because they affect or will be affected by the organization's activities. (§ 4.2.5 ¶ 2, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • legal, regulatory, natural environment, social and economic context; (§ 5 ¶ 5 Bullet 2, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • In determining the value generation model, the governing body should understand the context in which the organization operates over time, including stakeholder expectations, regulatory frameworks, technological change, and the present and potential future natural environment, social and economic iss… (§ 6.2.3.1 ¶ 3, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • social, cultural and environmental contexts; (§ 4.1 ¶ 2 bullet 5, ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • social, cultural, and environmental contexts; (§ 4.1 ¶ 2 bullet 2, ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)
  • societies. (§ 6.3.3 ¶ 3 Bullet 9, ISO/IEC 23894:2023, Information technology — Artificial intelligence — Guidance on risk management)
  • An AI system can replace an existing system and, in such a case, an assessment of the risk benefits and risk transfers of an AI system versus the existing system can be undertaken, considering safety, environmental, social, technical and financial issues associated with the implementation of the AI … (§ 5.4.1 Table 2 Column 2 Row 7 Bullet 1, ISO/IEC 23894:2023, Information technology — Artificial intelligence — Guidance on risk management)
  • Map vulnerable populations and public and private health facilities (including traditional healers, pharmacies and other providers) and identify alternative facilities that may be used to provide treatment (Pillar 7 Step 1 Action 1, COVID-19 Strategic Preparedness and Response Plan, OPERATIONAL PLANNING GUIDELINES TO SUPPORT COUNTRY PREPAREDNESS AND RESPONSE, Draft as of 12 February 2020)