Expert Advice Community

Scope definition

Guest user Created:   Mar 22, 2019 Last commented:   Mar 22, 2019

We are a small IT services provider with 6 employees and are planning for ISO 27001 certification. I have a couple of questions regarding the scope and legislative requirements if you could help me please.
ISO 27001 ISMS SCOPE DOCUMENT

Define the boundaries of ISMS for ISO 27001.

Expert
Rhand Leal Mar 22, 2019

1. With regards to the scope, please could you help me understand what we need to include and how to complete part 3 of the scope document? We have an office which is leased and is on the ground floor of the building, and our two servers are on the 3rd floor in the server room (this room is shared by all the different companies in the building). We also occasionally work from home using the business laptops.

Answer: Considering your stated scenario, you should include in the ISMS scope the office you work in, your two servers and, of course, the processes/services and information you want to protect. The information about the situation of the server room and the home working should be considered in the risk assessment and treatment process.

These articles will provide further information:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

2. Also, do you have a laws and regulations list on your website for the different countries? Do we just need to comply with all the ones listed for the UK, or how do we identify the laws and regulations that apply to our company?

Answer: In the following article you can find a list of some laws and regulations required in the United Kingdom:
- Laws and regulations on information security and business continuity https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/

Unfortunately, this list is not fully up-to-date because it depends on voluntary contributions from our readers; therefore, it is likely that not all regulations related to the United Kingdom are listed.

Regarding compliance with them, you need to identify which ones are applicable to your industry and to the specifics of your business, and for this we recommend you hire a local legal adviser to make sure you have identified all relevant laws and regulations.
