ISO 27001 Scope
Assign topic to the user
1. Do we have the ISO 9001 certification where its scope is "Customer Service and Telemarketing", is it possible to indicate the same scope on the SGSI?
I’m assuming this scope refers to "Customer Service and Telemarketing" processes.
In this case, it is perfectly possible to have the same scope for ISO 9001 and ISO 27001. ISO 27001 scope can be defined in terms of processes, locations, or information to be protected.
For further information, see:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
2. If the YES is the answer on the scope of the ISMS, should it be included in the point 3.1 of the document on the scope of the ISMS?
The inside of the point 3.1 must detail all the processes that interact within the "Service of Customer Service and Telemarketing”
You do not need to detail the processes that interact with the processes in the ISMS scope. It is enough to identify the interfaces with them (i.e., the point of contact between the processes). For example, you do not need to detail IT processes, you only need to identify that IT processes keep the systems used by Service of Customer Service and Telemarketing running.
Thank you very much for the reply.
In any case, within point 3.1 of the ISMS scope document, only "Telephone Customer Service and Telemarketing" would be placed?
Your understanding is correct. In sections 3.2 to 3.5 of the ISMS scope document, you will identify how the elements of the scope are separated from the other elements.
Comment as guest or Sign in
Feb 21, 2022