Expert Advice Community

Guest

ISMS scope

  Quote
Guest
Guest user Created:   Oct 21, 2022 Last commented:   Oct 21, 2022

ISMS scope

Regarding the ISMS Scope Document, For the location, we are a remote company with a virtual address, we have an address for our data center, and if we should include it. Also, what should we exclude? we give laptops to our employees

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 21, 2022

I’m assuming that you do not own the data center.

Considering that, for certification purposes, you need to define at least one physical location which belongs to the organization. This one can be the address of the CEO's home, or some office rented by the organization for administrative purposes(like the company HQ).

Since you are a remote company, you should define your scope in terms of the data you want to protect (i.e., the physical data center should be excluded, but the data hosted in this data center should be included) and exclude all remote sites.

These articles will provide you with further explanation of ISMS scope definition:

This tool can also help you:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 21, 2022

Oct 21, 2022