CFO exclusion from ISMS Scope
Context
For our ISMS scope, I have added in an organisation chart. On the basis of your advice stating that 3rd parties are out of our remit of control I have made our CFO (he is an independent consultant) and shareholders out of scope.
Question.
In the section, exclusions from scope, are we okay to exclude the CFO/Finance function and shareholders from the scope?
Thank you in advance for your guidance on the above,
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Considering the provided information, since the CFO and shareholders are considered 3rd parties, you can exclude both from the scope.
These articles will provide you a further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
For further information, see:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
Comment as guest or Sign in
Jan 26, 2023