Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Guest

ISO 27001 Scope Document

  Quote
Guest
Guest user Created:   Sep 06, 2022 Last commented:   Sep 06, 2022

ISO 27001 Scope Document

1- Do we need to show network documentation of all offices in the ISMS scope, or can we put reference links to the documentation?

2 - Do we need to include network diagrams of each office in the ISMS scope document?

3 - Do we need to include the XYZ1 office in the scope as the whole outsourcing department works from XYZ2, and it's only the senior managers like the CEO and Founder who work from XYZ1 including the IT security administrator?

4 - Will the ISMS scope focus on the outsourcing department's IT infrastructure be enough, or do we need to implement the ISMS scope to cover the *** IT operations infrastructure across the business?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 06, 2022

1 - Do we need to show network documentation of all offices in the ISMS scope, or can we put reference links to the documentation?

For the ISMS scope document, there is no need to show network documentation, but if you want you can include reference links to detailed documentation. 

2 - Do we need to include network diagrams of each office in the ISMS scope document?

There is no need to include high-level topology diagrams, but if you want you can include reference like those included on page 5 of each of your documents to give an overview of the network topology.

3 - Do we need to include the XYZ1 office in the scope as the whole outsourcing department works from XYZ2, and it's only the senior managers like the CEO and Founder who work from  XYZ1 including the IT security administrator?

Yes, you should include the XYZ1 office in the scope, or at least the part of the office with senior management and the IT security administrator.

4 - Will the ISMS scope focus on the outsourcing department's IT infrastructure be enough, or do we need to implement the ISMS scope to cover the *** IT operations infrastructure across the business?

This answer will depend on the information you want to protect. In case you want to protect the information handled and processed by ***, then you need to include the IT operations infrastructure that runs across the business. If this is not the case, then the scope covering the Outsourcing departments will be enough.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 06, 2022

Sep 06, 2022

Suggested Topics