I had a small query on the outlined ISMS scope in the organisational units.
Can you check the attached image if it is correct for the organisational unit highlighted scope?
- I have added myself (IT security admin) and the Internal Audit Team.
- I will be leading the ISMS implementation while the Audit team will perform the internal audit of the ISMS implementation.
- With the location and network in scope and out of scope,
- Can we include all offices in scope as listed in the previous document as the outsourcing team will be working across Nepal offices?
As we cannot segregate office locations specifically for the outsourcing division, we will assess and implement ISO controls accordingly for the outsourcing team.