Could you please let me know how to do ISMS scope if the company does software development also offer SaaS to the cloud how should I scope it. I know how to do scope I don't know cloud what happens in cloud
Answer: When an organization provides SaaS, it is important to identify which elements it has direct control over, because these are the elements that will be part of the ISMS scope.
For example, if your organization owns the datacenter that hosts your SaaS, then the physical environment, hardware, and software (e.g., virtual servers, operational systems and applications), must be included in the ISMS scope. On the other hand, if your SaaS is hosted on an outsourced datacenter provider, the most probable situation is that you have only to include the application you provide to your customers in the ISMS scope (the other elements will be handled by means of controls related to supplier relationship management). In case of use of outsourced datacenter provider, for a precise answer you must verify the service agreement established with the provider.
"The ISMS scope is defined by the information related to the organization's software development processes and the information related to the service XXX, provided as SaaS by the organization to its clients."