Establishment of the scope of the ISMS ISO 27001:2013
Assign topic to the user
First is important to note that an ISMS scope can be defined in terms of processes, location, or information to be protected.
Considering that, and your stated scenario, you should define your ISMS scope either in terms of processes (development process, sales process, account process, etc.) or information to be protected (e.g., customer information, financial information, etc.).
By the way, included with your toolkit you have access to a video tutorial that can help you define your ISMS scope. This video contains examples.
For further information, see:
- Tool for defining the ISO 27001 ISMS scope https://advisera.com/insight/chatbot-tool-iso-27001-scope/
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Comment as guest or Sign in
May 30, 2022