Implementing ISMS in other Business Dept.
Assign topic to the user
Answer:
You must approach a scope extension as if it was a new implementation project (the steps are basically the same). The difference is that as a scope extension you have to assess how this inclusion will affect your current scope. For example, how you will handle access of the personnel of the new part of the scope to the current one? Access levels will be the same or will have to be updated? Since this new scope will include paper assets, how this will affect you information classification policy?
This article will provide you further explanation about ISO 27100 implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
These materials will also help you regarding ISO 27100 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Aug 02, 2019