With the organisational user sec 3.2, do we have to list every type of unit, i.e. computer monitors, keyboards, laptops, mouse, etc.? Also, I really don’t get the how they are from units that are not in scope? If we have a desk that is not in scope and a laptop that is on that desk that is in scope, how would I document that?
3.1 Processes and Services
Is this enough detail? Below:
Processes and services
Existing services - Pentesec will continue to deliver its services within a secure environment.
Development – Pentesec will conduct annual risk assessments to ensure that risk to information in the care of is minimalized or eliminated.
Incidents – Pentesec will ensure that all systems are protected and resilient from breach by keeping firewall software and licences up to date with the latest patches to prevent entry of any malware.
Organizational units
Laptops, Docking Stations, Keyboards and how they are separated from the organizational units that are not included in the scope
Answer: In section 3.1, you should detail the "existing services" as the services currently running (e.g., software development services, printing services, etc.).
For section 3.2 (Organizational Units), you should list the business areas included in the scope (HR department, IT department, R&D department, etc.), not the assets. As ways they are separated from units not in the scope, you can mention walls, doors, separate buildings, etc.
Included in the template there are comments with examples of how you can fill the templates. Additionally, you have access to a video tutorial that can help you fill the ISMS scope template.
Jun 29, 2018