Guest
Questions regarding the ISMS scope document
If I am getting ISO 27001 certification for a project within an organisation, what should I put under Section 3.2 Organisational Units? Also, for Section 3.4 Networks and IT Infrastructure, can I say that "Only the assets that belong to the project are included in the scope"?
Answer: You should specify in section 3.2 of your ISMS Scope document all the departments or business units that are part of your ISMS scope.
In section 3.4 you could say that only the assets that belong to the aforementioned departments are included in the scope, but you should specify which interfaces exist between those assets and assets that are out of the scope. For example, for a local network the interface is a router or some other device that separates your network from the outside world; for an office space the "interface" is a door.
Jan 12, 2016