
Expert Advice Community

Defining the scope of ISO 27001

Guest user Created:   Aug 24, 2018 Last commented:   Aug 24, 2018

We are working to become ISO 27001 compliant. Please suggest how I should define the scope of ISO 27001?

Expert
Dejan Kosutic Aug 24, 2018

Answer: For a smaller company of up to 50 employees, it is best to include your whole company in the ISO 27001 scope, because it would be too costly to try to keep a part of such a small company out of the scope.

For larger companies (e.g. more than 500 employees) you should choose a department or a location to include in the scope for the beginning - after you successfully implement the standard in such a smaller scope, then you can expand further.

For companies between 50 and 500 employees - you should assess which approach between the two described better fits you.

Here are some articles that will help you:
- How to define the ISMS scope: https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the ISMS scope: https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

This free online training will also help you with scoping: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
