Expert Advice Community

Guest

ISMS - In scope or out of scope

  Quote
Guest
Guest user Created:   Jun 15, 2021 Last commented:   Jun 15, 2021

ISMS - In scope or out of scope

Hope all is well. In my ISMS Scope doc, I specifically included my company’s two processes and services:  

Managed Application Services (MAS) that help customers manage and host specific applications
Software as a service (SaaS) that provide cloud-based software solution for customers
The CS, TD and DTS are the three technology divisions providing the MAS and SaaS services therefore they are considered as the parties to implement and maintain ISMS.

Our Sales and Marketing Divisions are considered as the users, but they are, implicitly, responsible for following the ISMS policies and procedures, as users.

Can we exclude Sales and Marketing from the ISMS scope? Please advise.

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 15, 2021

Some information is missing for providing a direct answer, so I’ll provide one considering two possible scenarios.

In case your company is a small one (i.e., up to 50 employees), it is better to include all your organization in the ISMS scope because the effort to separate elements that are inside the scope from that outside it wouldn’t be worthy.

In case your company has more than 50 employees, you should evaluate if keeping Sales and Marketing separated from the other divisions is worthy (you would have to treat them like external parties, for which you need to implement controls to separate them from the ISMS scope, at the same time you need to provide access to information in the ISMS scope they need).

This problem is described in detail in this article:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 15, 2021

Jun 15, 2021

Suggested Topics

Guest user Created:   May 05, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISMS Scope Statement