Expert Advice Community

ISMS scope definition

Guest user. Created: May 17, 2017. Last commented: May 17, 2017.

I did have a question for you, with respect to the scope of the organisation. My existing plan/scope covers the whole of our single premises (and all departments). I was asked to look into the feasibility of only including support and installation for the scope. To be honest I could not see how this would be feasible, without putting nearly as much effort into this, which would be better spent doing the whole business.
Expert
Rhand Leal May 17, 2017

I could put a two page document together detailing the reasons why the whole business should be included but need to put this into a couple of lines.
Do you have any suggestions?

Answer: You can write that by ISO 27001, clause 4.3 c, when defining the ISMS scope an organization has also to consider its relationships with all external elements that can influence it, and since support and installation have relationships with all other organization's elements, the effort for managing this reduced scope and these relationships would be greater than managing a scope including all the organization.

This article will provide you further explanation about problems with scope definition:
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

This material will also help you regarding scope definition:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
