Expert Advice Community

ISMS scope

Guest user Created:   Oct 02, 2018 Last commented:   Oct 02, 2018

1. I found the scope document to be similar to the document I have; however, I struggle to understand section 3.4 Networks and IT Infrastructure. Do I only need to understand and document the existing IT environment and the infrastructure in place and in scope?

Expert
Rhand Leal Oct 02, 2018

Answer: Section 3.4 of the ISMS scope document requires an organization to document a general overview of which network and IT assets (e.g., firewalls, switches, communication links, etc.) are included in the scope, but you also have to understand how these assets relate to elements external to the scope (e.g., Internet, customer's network, communication providers, etc.), so you can have a precise understanding of your security context and environment.

Here is an example:
"The network and IT infrastructure included in the ISMS scope comprises two local networks (user and system LANs) and a Wi-Fi network (for consultants), interconnected by two independent switches, and a backbone which connects all networks to the Internet."

These articles will provide you further explanation about ISMS scope:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

2. I also want to know if you have a gap assessment document for ISO 22301?

Answer: For an ISO 22301 gap assessment, I suggest you take a look at the free demo of our ISO 22301 Internal Audit Checklist at this link: https://advisera.com/27001academy/documentation/internal-audit-checklist/

This document provides a list of questions in order to help identify compliance with ISO 22301. For each clause or control from the standard, the checklist provides one or more questions which allow you to visualize which specific elements of the business continuity management system you’ve already implemented, and what you still need to do.
