Guest
Does the scope exclusions allow in 27001:2013
Does the scope exclusions still allow in 27001:2013's scope?
In "IRCA Technical Review Briefing Note ISO 27001"
Page 6 4.3 say that no exclusions allow
Thank you very much
Assign topic to the user
Chattavut,
ISO 27001:2013 allows the scope of the ISMS to defined per the company decision - there are no restrictions whatsoever to which part of the company your ISMS is implemented. However, ISO 27001:2013 says that you need to implement all the clauses of the standard from 4 to 10 - you cannot exclude any of these clauses from the implementation.
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016