Expert Advice Community

ISMS SCOPE DOCUMENT

Guest user
Created: Jul 15, 2022. Last commented: Jul 15, 2022

Hope you are doing well. I have some questions about the ISMS scope. The ISMS Scope Document does not include the following, as you mentioned in your book "Secure & Simple". ISO 27001 says you have to do the following when defining the scope:
- Take into account internal and external issues defined in clause 4.1.
- Take into account all the requirements defined in clause 4.2.
- Consider interfaces and dependencies between what is happening within the ISMS scope and the outside world.

The last point also needs more clarification on how to do it; I mean a method other than a diagram.
Expert
Rhand Leal Jul 15, 2022

Please note that ISO 27001 does not require internal and external issues and interested parties’ requirements to be documented, only to be taken into account. Including this information in the ISMS Scope document would only make it unnecessarily complex.

Regarding interfaces and dependencies, they also do not need to be documented in the ISMS scope. 

All these inputs are used to define what is part of the ISMS scope (in terms of processes, information, or location), what is excluded from the scope (when not all the organization is in the scope), and the elements that separate what is inside the scope and what is outside (e.g., a firewall is an element that can be used to separate a network that is part of the ISMS scope from other networks that are outside the scope).

In the ISMS Scope document template, the information about elements inside and outside the ISMS scope is included, respectively, in sections 3.1, 3.2, 3.3, and 3.5. The information about interfaces and dependencies does not need to be included in the ISMS scope document.

For guidance on how to define the ISMS scope, please see:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/  
- Tool for defining the ISO 27001 ISMS scope https://advisera.com/insight/chatbot-tool-iso-27001-scope/
