ISMS Scope Statement
In the process of writing an ISMS Scope Statement. Can you please review and provide feedback if this will work for a Scope Statement or should I add or take away any words from the below statement. Appreciate your comments! Thank you!
We are a clean and wastewater critical infrastructure business. Consulting and designing clean and wastewater facilities is our core business. It is therefore our responsibility to establish a strong information security management and governance system to protect processes, services, data and assets of our business, employees, clients, contractors, vendor in relation to confidentiality, integrity, and availability.
Assign topic to the user
From your question, it is not clear whether you are referring to the content of the ISMS Scope Document, or about the scope text that will be displayed in the ISO 27001 certificate.
If the former is the case, then the statement is far too short, and you should consider using the ISMS scope template included in your toolkit (it contains comments on how you can provide detailed information to fulfill the standard’s requirements). If the latter is the case, then the statement is too long – in this case, you should consult with your certification body about how to develop this text.
These articles will provide you a further explanation about ISO 27001 scope:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
These materials will also help you regarding ISO 27001 scope:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
May 05, 2021