Confining a registrar to the scope that has been defined
I realize the ISMS can be a system that covers more than just security operations, but for initial purposes the *** and ISMS are defined as one and the same. The definition will change over time as scope increases. Just curious.
Answer:
Just because you have defined a certain ISMS scope does not mean such a scope is feasible - for example, if there are no clear boundaries for such a scope, then you would have to expand the scope.
Therefore, if your scope is not feasible you should listen to the certification auditor; if your scope is feasible then you have to prove to the certification auditor why you think so. Generally, the recommendation is that information security should cover the entire organization.
These articles can also help you:
How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Jan 12, 2016