Exclusions of the ISMS scope

Guest user. Created: Oct 21, 2023. Last commented: Oct 21, 2023

If a unit in the organization (let us say HR) is excluded from the scope, there is a dependency between HR and other units (for example, HR is responsible for recruitment and training). Although HR is excluded from the scope, it still provides training for employees of other departments that are included in the scope. In this case, HR should be considered an external third-party provider to the other organizational units that are included in the scope, which means that HR should be controlled as a supplier.

What do you think?

Expert
Rhand Leal Oct 21, 2023

You are basically right - if the HR department is outside of the ISMS scope, from the ISMS point of view it will have the same status as a third-party provider; of course, legally speaking, your HR department is not a third-party provider, but an organizational unit of your company.

This article will provide you with further explanation about scope definition:

This tool can also help you:
