Hope you are doing well.
I bought your toolkit, but I still have some issues with the SMSI documents preparation.
For instance :
- The Document of the scope
The company has around 120 employees, has 2 sites, and 3 different activities: IT Solution integration, Training, and Cloud service provider.
One site contains the IT Solution integration and training Divisions with the HR & Commercial Departments, the other site contains the Cloud Division.
The company wants to certify only the Cloud Activity, but I want to check if we should include in the Scope the HR and Commercial departments to respond to the A.7 requirements and the security of customers personnel information & customers Contracts.
- The Business Continuity
Should we also prepare all the documents related to A.17 requirements even if the company doesn't plan to include the SMCA and business continuity certification in this scope ?
Thanks in advance for your support.