This is the first phase of ISO27001 for us. We don't plan on seeking certification but are interested in aligning our environment to ISO27001.
Is it compulsory to do a scope? Can we just go about implementing ISO27001 for our whole environment? We are a small organisation but getting bigger.
The idea is to initially implement the ISO27001 framework organisation-wide so when we expand we have good practices in place that will allow us to build on (expand on).
Do you see any risks/concerns with this approach? Is there a better way to go about it? What are your recommendations?