Expert Advice Community

ISMS scope

  Quote
Created:   Mar 01, 2023 Last commented:   Mar 03, 2023

ISMS scope

Hi. I have some questions with the ISMS scope.

The main company is based in Hong Kong. A subsidy is located in the Philippines. Some staff are hired in the Philippines to work for the main company in Hong Kong via remote work. They mostly have the same access to servers, network, applications and databases as the HK-based staff.

My questions are:
- Do we need to include the Philippine-based staff in the ISMS scope?
- Do we also need to include the Philippine office in the scope? The staff are remote-based but the employee/HR-based paper documents are stored/located in the Philippine office. Which means, physical protection (door lock, cabinet lock, cctv) need to be in place?

0 0

Assign topic to the user

ISO 27001 ISMS SCOPE DOCUMENT

Define the boundaries of ISMS for ISO 27001.

ISO 27001 ISMS SCOPE DOCUMENT

Define the boundaries of ISMS for ISO 27001.

Expert
Rhand Leal Mar 03, 2023

1 - Do we need to include the Site B-based staff in the ISMS scope?

I’m assuming you are considering the certification for Site A.

Considering that, from your description, the Site B-based staff can be considered outsourced personnel for Site A, so they do not need to be included in the ISMS scope.

2 - Do we also need to include the Site B office in the scope? The staff are remote-based but the employee/HR-based paper documents are stored/located in the Site B office. Which means, physical protection (door lock, cabinet lock, cctv) need to be in place?

Please note that Site B only needs to be included in the ISMS scope if it handles or stores information included in Site A's scope. If this is not the case, there is no need to include Site B in the ISMS scope.

For further information, see:

This material will also help you regarding the scope definition:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 01, 2023

Mar 03, 2023

Suggested Topics

Guest user Created:   Oct 21, 2023 ISO 27001 & 22301
Replies: 1
0 0

Exclusions of the ISMS scope

Guest user Created:   Dec 05, 2022 ISO 27001 & 22301
Replies: 1
0 0

ISMS scope

Guest user Created:   Oct 21, 2022 ISO 27001 & 22301
Replies: 1
0 0

ISMS scope