ISMS

1. Within the document of the scope of the ISMS in point 3.3 Networks and IT infrastructure, should the network segments, IT Infrastructure (routers, switches, etc.) be fully detailed or is it enough to place a graphic of our diagram network?

A general description of networks and IT infrastructure, like a diagram network, is enough to include in the ISMS scope document.

For further information, see:

• How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

2. In the ISMS implementation project plan Doc, point 3.1 Project objective, can the date that is set as a limit be changed as the ISMS implementation progresses, or should that date not be changed once? what has been defined?

The information in the Project Plan document, such as the implementation date deadline, can be changed as the ISMS implementation progresses. You only need to ensure to get proper approvals and communicate with people affected by the changes.

3. In the ISMS Implementation Project Plan Doc, point 3.4.2 Project Manager, can two or more people be designated as project manager, or can it only be one person?

For small projects, only a single project manager should be considered as the main alternative (in many cases there won’t be enough work to justify designating more than one project manager). When more than one is designated, you need to make clear their responsibilities and authorities, to avoid overlap.

For further information, see:

• Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/

4. In the ISMS implementation project plan Doc, point 4 Management of saved records, within the table is only the project plan document detailed or should all the documents that are of the ISMS be detailed (e.g. scope document , security policy, etc.)?

In section 4 of the Project Plan document, you need to include only the documents related to the management of the project, not the project’s deliverables. Project progress reports are examples of records related to this section.