Guest user Created: Jun 30, 2016 Last commented: Jun 30, 2016

Defining the scope

Defining ISMS. We are a ********* company and we have clients in the UK requiring us to be ISO 27001 compliant and certified. We are potentially targeting a 3rd party data center in the UK where we rent rack space as well as one of our local offices. I am wondering if we should define the scope further down to one particular system we use to support client data or scope the data center (multiple systems) and one of our locations.

0 0

Assign topic to the user

Select user

Guest

Antonio Jose Segovia Jun 30, 2016

Answer:
From my point of view, if you have a client requiring the ISO 27001 implementation and certification, it is better if you talk with your client and agree with him your ISMS scope (to avoid problems).

Anyway, if you are giving a service to your client, and you need all systems of the data center for this service, maybe the best option would be to include in the scope all systems (I suppose that these systems are managed by your company).

This article can be interesting for you “How to define the ISMS scope” : https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

And our online course can be also interesting for you because we give more information about the ISMS scope “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 30, 2016

Expert Advice Community