Do we have to put the exact location addresses of our sites that are within scope?
We have quite a few offices so this would make the scope become a large document.
Assign topic to the user
If you have e.g. hundreds of branch offices, then you should specify only the locations of main offices in your ISMS Scope document, and refer to some other document where you list all the branches - this other document could be your internal or public list of branch offices.
If you go for the certification, you should consult with your certification body on how to document the locations.
Here are some materials that will help you with setting the ISMS scope:
- article How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- article ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- free online training ISO 27001 Foundations Course
Comment as guest or Sign in
Nov 28, 2020