1. We use a third party to provide infrastructure for our product (Installation sits on an AWS Server). On the Scope document, what would we put under “Location” for these servers that are provided by a third party?
2. What would we count as our assets regarding these servers that are provided by a third party? These servers are accessed by our staff to do our work using any laptop that is available to us, provided that the IP is cleared by our CTO to access the servers
3. Do we need to reference anything from the Third Party provider? Where will it be referenced in the ISMS?
4. Can you give examples on how regulations, like GDPR, translate into a policy or procedure – like a specific rule in the Information Security Policy Document. I just want to see an example of the wording pattern in a policy where a regulation is referenced.
5. Let’s say the scope of ISMS for now applies to the Services that we provide that are hosted in a third party provided server. What would be examples to exclude?