Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Employee equipment in the ISMS scope?

This is an awesome template, but I do have one question. Whyd you leave out data and employee equipment? I consider employee laptops in scope, but it doesnt seem to fit into the categories in the template unless I put it under Processes and Services.

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

I assume you are referring to our ISMS Scope template? If yes, we have suggested to leave out the employee equipment (that is not owned by the company) - e.g. laptops, mobile phones - because this equipment is used also for the private purposes. For such equipment it is much easier to regulate the use with a BYOD Policy - in such way, you can apply security rules to such equipment even if it is outside of the scope of your ISMS.

If you want to include such equipment in the scope, you do not have to list it in the ISMS Scope document - you should simply list all the processes, departments and locations that are included in the scope.

This article will also help you: How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community