Expert Advice Community

ISO 27001 question

Guest user Created:   Oct 31, 2020 Last commented:   Oct 31, 2020

I have a client who has a single site out of a large multinational who wishes the site certified to ISO 27001. Can you offer any advice, esp. WRT to determining the scope of the project?

Expert
Rhand Leal Oct 31, 2020

I'm assuming that by WRT you mean "with respect to".

Considering that, for organizations with up to 50 employees, the best approach is to include the whole organization in the ISMS scope, since for organizations with up to 50 employees the effort to keep a separate scope is not worthwhile.

For organizations with more than 50 employees, you should consider limiting the scope to the processes and departments related to the information the organization wants to protect. 

These articles will provide you with further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
