ISMS scope for a cloud provider
My question is about defining the ISMS Scope. As a service provider, how do we set the scope for ISMS?
Since we “hand control” of the servers to our customers and they have control over what data is uploaded and who can access it, I am struggling to see how that can be included in the scope.
Answer:
From my point of view, to set the scope for your ISMS, you can focus it on the information that you can manage: information about customers, financial information, information about providers, information about your employees, about your systems, etc. Maybe you have a CRM and/or an ERP, and you can also include it in your ISMS scope, because these applications have information. Keep in mind that ISO 27001 is about the protection of information.
For more detail about the scope, please read this article “How to define the ISMS scope”: https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
And our online course can also be interesting for you, because we give more information about the ISMS scope, “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Apr 27, 2016