Please select user.
There are no topics yet.
X company outsourcing the main business product (source code, software application and maintenance) and IT services(office network, and maintenance) from Third party. Now, The X compay is trying to document its ISMS scope accroding to clause 4.3
The scope document must include Process and Services, Organizational Unit, Locations, and Networks and IT infrastucture. However, X company doesn't have IT department, and all IT and network related works go to Third party. X company doesn't own a single switch or server.
My question is Do we need to include Third party's network diagram, IT infrastucture, servers, and network devices in the scope if these are touches our main product?