Filling scope template
Assign topic to the user
We have one office at a single address. However we rent a serverspace at XXXXX, equipped with server racks where we place and maintain our own servers. Electricity, heating/cooling, connectivity etc is supplied by the owner of the facility. We do not have 24/7 access. When we encounter a problem during hours that the facility is closed, we have to wait to gain access until the facility is opened again?
In your experience, does such a facility have to be included in the scope.
Answer: If your organization performs the operation and maintenance of these server racks you must include this location in your ISMS scope. If the operation and maintenance of these server racks are outsourced, then you do not need to include this location in your ISMS scope, but it is important to notice that the rented serverspace (and the outsourced operation of servers, if applicable) must be considered in the risk assessment (the risk assessment will help you to insert applica ble security clauses into the agreement with the service provider).
This article will provide you more information about defining the scope:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
Comment as guest or Sign in
Jul 03, 2018