We are looking to become ISO Certified. We have a head office and approx. 50 sites across the XX. Is it possible to have the Head Office in scope only? It is quite a flat IT network, and the head office houses finance, HR and other departments for all the sites.
The ISMS scope can be limited only to the Head Office, provided you can define a clear separation between the Head Office and the other sites (e.g., by defining a logical separation between the Head Office and the sites).
These articles will provide you with further explanation about the scope definition and network segregation:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
- Requirements to implement network segregation according to ISO 27001 control A.13.1.3 https://advisera.com/27001academy/blog/2015/11/02/requirements-to-implement-network-segregation-according-to-iso-27001-control-a-13-1-3/
Apr 01, 2020