Expert Advice Community

Confining a registrar to the scope that has been defined

Guest user. Created: Jan 12, 2016. Last commented: Jan 12, 2016.

How does one go about confining a registrar during the audit to the scope that has been defined? I’ve experienced an auditor who seems to be attempting to expand ISMS scope beyond the internally agreed upon scope. We are limiting scope of the ISMS to the ***; nothing more – nothing less.

DejanK Jan 12, 2016

I realize the ISMS can be a system that covers more than just security operations, but for initial purposes the *** and ISMS are defined as one and the same. The definition will change over time as scope increases. Just curious.

Answer:

Just because you have defined a certain ISMS scope does not mean such scope is feasible - for example, if there are no clear boundaries for such a scope, then you would have to expand the scope.

Therefore, if your scope is not feasible you should listen to the certification auditor; if your scope is feasible then you have to prove to the certification auditor why you think so. Generally, the recommendation is that information security should cover the entire organization.

These articles can also help you:

How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/