ISMS scope in Quality Manual
Assign topic to the user
Neither ISO 9001 nor ISO 27001 prescribe how you should structure your documentation. So basically, you have the following options:
a) ISMS Scope document is a separate document - this is the most common option
b) ISMS scope is defined within the Information Security Policy document - this is option that is sometimes used by smaller companies
c) ISMS scope is defined within the Quality Manual - this is very rare, but theoretically possible.
See also this article about the ISMS scope: https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Comment as guest or Sign in
Jan 12, 2016