The best ways to define an ISMS scope consider the information, processes, or locations you want to protect. An application cannot be defined as an ISMS scope.
Considering that, for your context, you can define the ISMS scope in terms of:
the development and maintenance processes that support the web application
the information processed by the web application
Please note that for companies up to 50 employees, the best alternative is to include all organizations in the ISMS scope, because the effort to keep only the organization in the ISMS scope is not worthy.
These articles will provide you a further explanation about scope definition: