Expert Advice Community

ISMS scope definition

Guest user Created:   Mar 23, 2017 Last commented:   Mar 23, 2017

We are a company that gives xxxxx consultancy to our customers. We could start by certifying a process called “Manage of customer information”, where the point is to make sure we have enough security controls in place to protect customer information, and in case we don’t, we would set up compensating controls to make sure we protect this valuable information. Would this process (Manage of customer information) be viable to certify for an auditor?

Expert
Rhand Leal Mar 23, 2017

Answer: Sure, as the main process in your ISMS scope this is a perfect choice considering your consultancy business. But you should also consider the size and location of your activities to define your scope, since for a small or medium business working from a single location, it is more practical to certify the business as a whole instead of handling a particular process.

These articles will provide you with further explanation about ISMS scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

This material will also help you regarding ISMS scope definition:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
