Guest user Created: Feb 11, 2018 Last commented: Feb 11, 2018

ISMS boundaries definition

We are working on determining and defining the boundaries for our ISMS. Is it necessary for us to cover all of our employees that work remotely in different states? These individuals do have access to our top level controls for information security.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Feb 11, 2018

Answer: You should consider for your ISMS all employees that have access to the information you want your ISMS to protect, so if all of your employees that work remotely in different states have access to these information, then all of them must be considered in the boundaries of your ISMS.

These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

These materials will also help you regarding scope definition:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 10, 2018

Expert Advice Community