ISMS scope for data center
Assign topic to the user
If the data center facility is not part of your company, then you can describe that only the server + the database is part of your ISMS scope (or only the database if the server is not under your control). See also this article: Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
The ISMS needs to be implemented by all the employees involved, not only by one person who is coordinating the ISMS implementation. Therefore, this coordinator does not need to travel to all your locations if he/she feels comfortable that local employees are doing their job properly. See also this article: ISO 27001 project How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
Comment as guest or Sign in
Jan 12, 2016