Questions regarding the ISMS scope document
Assign topic to the user
Answer: You should specify in section 3.2 of your ISMS Scope document all the departments or business units that are part of your ISMS scope.
In section 3.4 you could say that only the assets that belong to before mentioned departments are included in the scope, but you should specify which interfaces exist between those assets and assets that are out of the scope. For example, for a local network the interface is a router or some other device that separates your network from the outside world; for an office space the "interface" is a door.
Comment as guest or Sign in
Jan 12, 2016