Expert Advice Community

Guest

ISMS scope - IT admins out of the scope?

  Quote
Guest
Guest user Created:   Jul 23, 2020 Last commented:   Jul 23, 2020

ISMS scope - IT admins out of the scope?

Dear Advisera support,

We’ve bought the toolkit – thank you!  -  and I have a couple of questions regarding ISMS Scope:

1. We want to restrict the scope to one software support service only. There are about 100 employees working on this support service with customers. Could we define the Scope as a service?
2. There are 5 office locations. Should we name exact addresses or just cities?

3. There are two servers in the cloud for the service, they are administered by our IT admins, so they are asset owners for them. The question is: can IT system administrators be not in the scope? Or should all the assets/asset owners be in the scope?

0 1

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 23, 2020

1. We want to restrict the scope to one software support service only. There are about 100 employees working on this support service with customers. Could we define the Scope as a service?

 ISO 27001 ISMS scope can be defined in terms of locations, information, business units, of processes to be protected, so you can define a single software support service as your ISMS scope.

For further information, see:

2. There are 5 office locations. Should we name exact addresses or just cities?

 You need to identify the exact addresses of each office location from where the software support service is provided.

3. There are two servers in the cloud for the service, they are administered by our IT admins, so they are asset owners for them. The question is: can IT system administrators be not in the scope? Or should all the assets/asset owners be in the scope?

You can define the IT system administrators as out of scope, but you need to evaluate if this separation is worth the effort (since they administrate assets that are part of the service, you would need to treat them as an external supplier for your ISMS scope).

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 23, 2020

Jul 23, 2020

Suggested Topics

Guest user Created:   Jul 17, 2021 ISO 27001 & 22301
Replies: 1
0 0

Scope definition

Guest user Created:   Jul 07, 2021 ISO 27001 & 22301
Replies: 1
0 1

Scope question

Guest user Created:   Jul 05, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISMS TIER 1 - 4 Documents