Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Questions regarding the ISMS scope document

If I am getting ISO 27001 certification for a project within an organisation, what should I put under Section 3.2 Organisational Units. Also for Section 3.4 Networks and IT Infrastructure, can I say that "Only the assets that belong to the project are included in the scope".

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

Answer: You should specify in section 3.2 of your ISMS Scope document all the departments or business units that are part of your ISMS scope.

In section 3.4 you could say that only the assets that belong to before mentioned departments are included in the scope, but you should specify which interfaces exist between those assets and assets that are out of the scope. For example, for a local network the interface is a router or some other device that separates your network from the outside world; for an office space the "interface" is a door.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community