Scope definition considering network infrastructure
Answer: Yes, you can include in the scope of an ISO 27001 certification only part of your infrastructure (in this case the network you share with your customer). An ISO 27001 scope can be defined in terms of processes, information or locations.
But it is important that your organization evaluates whether this division will cause more administrative effort than including the whole organization in the scope. This is because ISO 27001 also requires that the scope interfaces can be identified and managed, and if your internal and external networks share a significant number of resources or contact points, it may not be worth treating them separately.
These articles will provide you with further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
These materials will also help you regarding scope definition:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Aug 19, 2017