Dear Advisera support,
We’ve bought the toolkit – thank you! - and I have a couple of questions regarding ISMS Scope:
1. We want to restrict the scope to one software support service only. There are about 100 employees working on this support service with customers. Could we define the Scope as a service?
2. There are 5 office locations. Should we name exact addresses or just cities?
3. There are two servers in the cloud for the service, they are administered by our IT admins, so they are asset owners for them. The question is: can IT system administrators be not in the scope? Or should all the assets/asset owners be in the scope?