Assign topic to the user
In terms of scope definition, you can state as location (company's headquarters) the home address of the founder / CEO of the company or the address of the office where the people accountable for the company can be found. You can define this address as the company's scope.
Regarding the remote workers, normally you do not control the environment where they are, so these are kept out of the scope, and you treat remote access as a risk in your assessment.
These articles will provide you a further explanation about defining scope:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Comment as guest or Sign in
Jul 20, 2021