Can we change the scope of ISO 27001
I have a small problem, or rather a concept, that I want to ask about, related to ISO 27001 scope and the ISMS.
Let's say, for example, a new startup starts, and when they have 20 employees they try to certify themselves. They get certified, and they certify the whole organization because their CEO thinks that it will help them in the market as well as in information security.
When they grow and have, for example, about 3000 employees, they understand that they didn't need to certify every area of the organization with ISO 27001, and they just want to change their scope from the whole organization to only the information about their employees and their customers. So, in the end, are they able to do that or not?
I know I gave an example that we can't see in real life, but can we do that or not?
Waiting for your reply.
Hope you will understand what I want to say :)
In fact, a change in the ISMS scope is quite common, and your organization can perform this change in the ISMS scope. The ISMS scope can be defined as the whole organization, or as part of it (in terms of locations, departments or processes), and the scope can increase or decrease in size according to the organization's needs.
These articles will provide you with further explanation about the scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
This material will provide you with further explanation about the scope definition:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
Jul 09, 2020