Integration suggestion on QMS (AS9100) & ISMS (27001)
For a company like us (***), how do we define the scope, I mean what are our inclusions and exclusions in the scope of ISMS
Assign topic to the user
Inclusions and exclusions in the scope of ISMS will depend on the information, your organization wants to protect.
You need to identify in which part of your company is your most valuable information - see the details here: How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
For example, if the most important information is about new products, then the Research & Development process/department must be in the scope. If the most important information is about customers, then the Customer support process/department must be in the scope. You can also define all the organization's information as part of the ISMS scope.
This article can provide you further answer about integrating management systems (the general concept applies to your case):
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
These materials will also help you regarding scope definition:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
May 29, 2020