Organizations need to demonstrate confident knowledge of all internal and external issues, including regulatory issues, so that scope of ISMS within the unique organizational context is clearly defined.External and internal issues, as well as interested parties, need to be identified and considered. Requirements may include regulatory issues, but t