Organizational Chart
We purchased your ISO27001 toolkit and have a quick question.
In the ISMS Scope Document (and any other applicable) is it acceptable to reference an Organizational Chart in the document for Employees in the Organizational Unit and not include the actual names, or do I need to keep the Scope (and any other applicable) document updated as employees come and go within the organization?
Assign topic to the user
It is acceptable for ISO 27001 to reference to Organizational Chart in the elaborated documents, instead of using employee's names. In fact, this is a good practice, because, as you mentioned, by using roles instead of people's names, you do not need to update the documents every time the staff changes.
This article will provide you a further explanation about defining scope:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
These materials will also help you regarding defining scope:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Jun 18, 2020