Scope definition
Can you please help?
Answer: According to ISO 27001, an ISMS scope must be defined in terms of information, locations or business units to be protected, considering the organization's objectives and context. For your scenario, besides which type of information (e.g., customer data, R&D information, etc.), you should consider which locations and sectors should be part of the ISMS.
These articles will provide you with further explanation about defining scope:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
These materials will also help you regarding defining scope:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jul 06, 2018