Guest
ISMS Scope Assistance
My company is contracted with a local data center to provide us with Infrastructure as a Service. The physical infrastructure that we use (firewalls, network switches, servers, and storage) is all leased from our datacenter host and they provide support of this physical infrastructure. My company's IT team builds and manages the operating system and application layers.
Physical access to the equipment located at the data center is allowed to both members of my IT team as well as support personnel of the data center.
In this situation, what is recommended to be included/excluded from the ISMS scope document?
Thanks,
Chris
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
If you store and process sensitive/important information for your company in that data center, then you should include such information in your ISMS scope.
In this kind of a situation, physical infrastructure should be placed out of your scope (since you do not control it directly), and you should place within the scope only what you control - operation system, applications, and of course data.
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016