Defining Scope
How to define the ISO 27001 scope? I'm working for a hybrid company (~300 employees), 8 global locations, we offer cloud management services, and it's difficult to properly define the scope.
What should be included in the Scope?
The definition of scope depends primarily on the information you want to protect (e.g., customer information, R&D information, financial information, all information, etc.). Based on the information you want to protect you can identify locations, processes, or business units where this information is stored, processed, or flows through to include in your scope.
For example, if you want to protect customer information only, the processes related to cloud management services should be in the ISMS scope.
These articles will provide you with a further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
These materials will also help you regarding scope definition:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Jun 30, 2020