Scope as IT Department,
If I'm setting the scope as IT Department, should I include the branches as well in the scope.
In each branch I have some routers and switches to connect to the HQ where all systems are central and managed from the HQ.
Assign topic to the user
ISO 27001 ISMS SCOPE DOCUMENT
Define the boundaries of ISMS for ISO 27001.
Get it now 
ISO 27001 ISMS SCOPE DOCUMENT
Define the boundaries of ISMS for ISO 27001.
Get it now
ISO 27001 ISMS SCOPE DOCUMENT
Define the boundaries of ISMS for ISO 27001.
Get it now
Since it seems all IT elements in the branches are managed from the HQ, there is no need to include the branches in the scope. You only need to inform how these elements are separated from other elements controlled by the branches.
These articles will provide you a further explanation about scope definition (it is focused on ISO 27001, but the concepts also apply to ISO 22301):
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Comment as guest or Sign in
Oct 28, 2020