Guest user Created: Feb 28, 2022 Last commented: Feb 28, 2022

Clause 4.3: ISMS scope

Good morning. I got a question about clause 4.3: ISMS scope. I described as a scope that all data needs to secured. I find it logic because its the goal of the ISO27001. My question is which angle to look at while making the scope precise.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Feb 28, 2022

ISO 27001 ISMS scope can be defined in terms of information, processes, or location to be protected. Considering that, you can make your scope more precise by defining information (e.g., customer information, sales, information, research, and development information, etc.), processes (e.g., software development processes, production processes, etc.), or location (information in the company building, in the finance floor, etc.).

This article will provide you a further explanation about ISMS scope:

How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

This material can also be helpful:

How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 28, 2022

Expert Advice Community