We are currently working on ISO 27001 project in our company.
We are using your Conformio to do it.
We have one question about the Risk Register we thought you might know the answer.
In short, our company is offering IT Support services for other companies.
My question is this,
We keep our servers in a Datacenter which is hosted by another company. So, they manage the security of this location.
However, there are risks associated with the Datacenter that we need to be aware of.
For example, that our former employees’ access to the Datacenter is terminated.
Or that the Datacenter is protected in a way that we can accept.
Basically, we can’t control the security of this datacenter, but we need to be aware of the risks.
So, can we include the Datacenter to our Scope if we can’t truly manage it?