ISO 27001 Scope Document
Assign topic to the user
1 - Do we need to show network documentation of all offices in the ISMS scope, or can we put reference links to the documentation?
For the ISMS scope document, there is no need to show network documentation, but if you want you can include reference links to detailed documentation.
2 - Do we need to include network diagrams of each office in the ISMS scope document?
There is no need to include high-level topology diagrams, but if you want you can include reference like those included on page 5 of each of your documents to give an overview of the network topology.
3 - Do we need to include the XYZ1 office in the scope as the whole outsourcing department works from XYZ2, and it's only the senior managers like the CEO and Founder who work from XYZ1 including the IT security administrator?
Yes, you should include the XYZ1 office in the scope, or at least the part of the office with senior management and the IT security administrator.
4 - Will the ISMS scope focus on the outsourcing department's IT infrastructure be enough, or do we need to implement the ISMS scope to cover the *** IT operations infrastructure across the business?
This answer will depend on the information you want to protect. In case you want to protect the information handled and processed by ***, then you need to include the IT operations infrastructure that runs across the business. If this is not the case, then the scope covering the Outsourcing departments will be enough.
Comment as guest or Sign in
Sep 06, 2022