ISMS SCOPE DOCUMENT
Please note that ISO 27001 does not require internal and external issues and interested parties’ requirements to be documented, only to be taken into account. Including this information in the ISMS Scope document would only make it unnecessarily complex.
Regarding interfaces and dependencies, they also do not need to be documented in the ISMS scope.
All these inputs are used to define what is part of the ISMS scope (in terms of processes, information, or location), what is excluded from the scope (when not all the organization is in the scope), and the elements that separate what is inside the scope and what is outside (e.g., a firewall is an element that can be used to separate a network that is part of the ISMS scope from other networks that are outside the scope).
In the ISMS Scope document template, the information about elements inside and outside the ISMS scope is included, respectively, in sections 3.1, 3.2, 3.3, and 3.5. The information about interfaces and dependencies does not need to be included in the ISMS scope document.
For guidance on how to define the ISMS scope, please see:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
- Tool for defining the ISO 27001 ISMS scope https://advisera.com/insight/chatbot-tool-iso-27001-scope/
Jul 15, 2022