Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Tag: "Scope definition" - Expert Advice Community

Guest

Guest

Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Offices within scope

    Do we have to put the exact location addresses of our sites that are within scope?

    We have quite a few offices so this would make the scope become a large document.

  • 27001 Scope Confusion

    Our company is doing a product-specific scope for ISO27001.  It's not clear to me how complex this will get to carve out the scope of the product when dealing with internal Shared services.

    For example, Corporate IT manage the laptops, office networking, and e-mail accounts of the engineers/administrators of the product.  But has no access to the network/servers of the product itself.  Compromise of their office networking, laptops, or corporate account may influence the security of the information/system in scope (stealing credentials, exploitation of trust, etc).  I know this depends on the auditor, but is it reasonable to state corporate IT process/procedures out of scope but still a dependancy?

    Dialing this back though, nobody involved has a formal ISMS, nor a proper framework for policy/procedures/controls.