Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Guest

Register of Requirements and scope

  Quote
Guest
Guest user Created:   Sep 01, 2023 Last commented:   Sep 01, 2023

Register of Requirements and scope

We like to have the development and QA departments of *** certified. But we like to include the hosting of our cloud service (which is done by our holding company) in all the documents already now. We have been advised to do so because we like to keep the scope small for the initial certification but extend it later. I'm now working at the Register of Requirements. How can I make transparent which requirements are for Dev/QA of *** and which are for the holding (in other words, what is in the certification scope and what's for later)?

Assign topic to the user

ISO 27001 ISMS SCOPE DOCUMENT

Define the boundaries of ISMS for ISO 27001.

ISO 27001 ISMS SCOPE DOCUMENT

Define the boundaries of ISMS for ISO 27001.

Expert
Rhand Leal Sep 01, 2023

To identify in the register of requirements module which requirements would be applicable to the cloud service host, in the field “To what area is this requirement related?” you need to select the option “Managing security with suppliers and partners”. Additionally, you can write this information in the description field, together with the description of the requirement.

This way, it would be clear that the requirement is applicable to the cloud host.

Please note that when you define that something is in the scope, you can only “let it for later” if you accept all risks related to that element in the scope.

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Sep 01, 2023

Sep 01, 2023

Suggested Topics