I have a client who has a single site out of a large multinational who wishes the site certified to ISO 27001. Can you offer any advice, esp. WRT determining the scope of the project?
I'm assuming that by WRT you mean "with respect to".
Considering that, for organizations with up to 50 employees, the best approach is to include the whole organization in the ISMS scope, since for organizations of that size the effort to maintain a separate scope is not worthwhile.
For organizations with more than 50 employees, you should consider limiting the scope to the processes and departments related to the information the organization wants to protect.
These articles will provide you with a further explanation of scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Oct 31, 2020