ISMS and PCI DSS
Answer:
From my point of view, if your company is complex, a recommendation in your case can be to limit the scope of the ISMS. I mean, the implementation of the ISMS in your company could be gradual, so maybe the first year you can implement the ISMS in one sector of the organization, the next year you can implement the ISMS in another sector, and so on. Although, generally, our recommendation is, if the company is small, that the scope is the entire organization (but I think that your case is different).
For more information about the scope, this article can be interesting for you: “How to define the ISMS scope”: https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
And these articles about PCI and ISO 27001 can also be interesting for you:
“PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences”: https://advisera.com/27001academy/knowledgebase/pci-dss/
“PCI-DSS vs. ISO 27001 Part 2 – Implementation and Certification”: https://advisera.com/27001academy/knowledgebase/pci-dss/
Finally, our online course can give you information about the implementation of ISO 27001 in your organization: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Apr 01, 2016