Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

ISMS scope for data center

If the datacentre is outsourced and located in a different country, how do we cover that in the ISMS scope document. The customer data resides in the datacentre. Also if the office is spread across multiple location, does the ISMS implementer travel to all the location for implementation.

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

If the data center facility is not part of your company, then you can describe that only the server + the database is part of your ISMS scope (or only the database if the server is not under your control). See also this article: Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

The ISMS needs to be implemented by all the employees involved, not only by one person who is coordinating the ISMS implementation. Therefore, this coordinator does not need to travel to all your locations if he/she feels comfortable that local employees are doing their job properly. See also this article: ISO 27001 project How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community