Guest
ISMS Scope Question
While establishing an ISMS for an Information Security department ,should I include HR/Finance (and all supporting divisions) as 3 third parties component as they are feeding services to IS Department (the only Dep in scope)?
Assign topic to the user
This depends where is your most valuable information located - if it is located in HR/Finance departments, then they should be included in the ISMS scope; also if you are a smaller company it would be difficult to exclude such departments from the scope even though the information is not located there.
This article will explain you this topic into detail: How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016