ISMS scope for a Hospital
Answer:
If you can protect the patient data, you can include it in your scope, but you should also identify which areas, processes, information systems, etc. are related to this information. For example, is the information stored on a server? Does the Human Resources area hold information about the employees involved in the processing of this information?
Basically, you should define the scope in terms of information, systems, processes, areas, etc., but not in terms of controls.
This article can help you: "How to define the ISMS scope": https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
To avoid problems when defining the scope, this article may also be of interest to you: "Problems with defining the scope in ISO 27001": https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Finally, these materials will help you learn more about the scope:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Oct 13, 2016