Increasing the Scope of the ISO27001
To extend the ISMS scope you have to perform all the steps as if you were implementing the ISMS for the first time, on a scale equivalent to the size of this extension.
While you will have less effort related to common requirements such as document and record control, internal audit and management review, the effort for the risk assessment and treatment will depend on how similar this extension is to the current scope. If they are similar, you may use existing controls and security metrics with only minor adjustments.
In the Secure and Simple book, you should take a look at chapter 5 - FIRST STEPS IN THE PROJECT, which explains how to develop the ISMS scope.
These articles will provide you with further explanation about implementing ISO 27001 (the concepts are the same for scope extension):
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
This material will also help you with implementing ISO 27001:
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Nov 05, 2021