Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends July 18, 2024
Use promo code:
EXAM20

Expert Advice Community

Guest

Scope

  Quote
Guest
Guest user Created:   Sep 18, 2023 Last commented:   Sep 18, 2023

Scope

In the case of a group of three companies (A, B, C), company A is to be certified. All three companies have their own, independent customers and suppliers. The servers and network components of all three companies are located in the data center of company A. How must the SCOPE of company A be described if the servers and network components of companies B and C are NOT to be part of the certification?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 18, 2023

In this scenario, you can simply state in the ISMS scope document, section 3.4 Exclusions of the scope, that servers and networks related to companies B and C are not part of the ISMS scope.

You can access the ISMS scope for editing by clicking on the “Compliance” link in the left-side panel and then “Implementation steps.” From there, you can access the step related to the ISMS document scope and edit it.

For further information, see all you need to know about setting the ISO 27001 scope.

This tool for defining the ISO 27001 ISMS scope can also help you.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 18, 2023

Sep 18, 2023

Suggested Topics

Guest user Created:   Oct 21, 2023 ISO 27001 & 22301
Replies: 1
0 0

Exclusions of the ISMS scope

Guest user Created:   Oct 06, 2023 ISO 27001 & 22301
Replies: 1
0 0

Certification scope

Guest user Created:   Sep 30, 2023 ISO 27001 & 22301
Replies: 1
0 0

Environment and Scope