I’d appreciate your help/reassurance on a query regarding our ISMS scope.
For our ISMS scope, I have added in an organisation chart. On the basis of your advice stating that 3rd parties are out of our remit of control I have made our CFO (he is an independent consultant) and shareholders out of scope.
In the section, exclusions from scope, are we okay to exclude the CFO/Finance function and shareholders from the scope?
Thank you in advance for your guidance on the above,