Defining scope
I was wondering if you think it is possible to scope one department in one location? If possible, what do you see as the main challenges here?
Any advice or guidance is greatly appreciated, or even a reference to articles that may help me.
Answer:
The ISO 27001 scope can be limited to part of the organization (e.g., business unit, process, or location), but you have to note that an organization should first evaluate whether this separation will not bring more effort than considering the whole organization as part of the scope.
Many larger companies limit the scope of ISO 27001 implementation to the IT department and/or one location, and in most cases this works well.
These articles will provide you with further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
Jul 13, 2019