Employee equipment in the ISMS scope?
Assign topic to the user
I assume you are referring to our ISMS Scope template? If yes, we have suggested to leave out the employee equipment (that is not owned by the company) - e.g. laptops, mobile phones - because this equipment is used also for the private purposes. For such equipment it is much easier to regulate the use with a BYOD Policy - in such way, you can apply security rules to such equipment even if it is outside of the scope of your ISMS.
If you want to include such equipment in the scope, you do not have to list it in the ISMS Scope document - you should simply list all the processes, departments and locations that are included in the scope.
This article will also help you: How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
Comment as guest or Sign in
Jan 12, 2016