Defining scope of application and scope for ISMS
The best ways to define an ISMS scope consider the information, processes, or locations you want to protect. An application cannot be defined as an ISMS scope.
Considering that, for your context, you can define the ISMS scope in terms of:
- the development and maintenance processes that support the web application
- the information processed by the web application
Please note that for companies with up to 50 employees, the best alternative is to include all organizations in the ISMS scope, because the effort to keep only the organization in the ISMS scope is not worthwhile.
These articles will provide you with further explanation of scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
These materials will also help you regarding scope definition:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Aug 06, 2021