LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Scope change

  Quote
Guest
Guest user Created:   Apr 17, 2018 Last commented:   Apr 17, 2018

Scope change

We have recently gained ISO27001 certification (helped very much by your various webinars and on line videos! )
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 17, 2018

However, since gaining this a few months ago we are now looking at expanding and opening up some additional rented office space in another location. I believe this may affect A.11 in the statement of applicability? I am wondering if I need to notify our certification body (if and when it happens) and we may have to update our SOA or if we can wait until our next scheduled surveillance audit in 9 months time?

Answer: This new office will indeed affect your ISMS, and maybe not only controls of section A.11, and the best way to understand its impacts, and what must be adjusted in your SOA, is by performing a risk assessment considering how this new office will be related to the ISMS scope (e.g., this new office will be included in the scope, or it will be considered an new interface). For more information, please see this article:
- How to define the ISMS scope https://advisera.com/27001academy/01academy/knowledgebase/how-to-define-the-isms-scope/

Regarding the certification body, you have to notify them as soon as possible about your intentions, so they can evaluate if changes should be performed in the surveillance audit schedule.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 17, 2018

Apr 17, 2018

Suggested Topics

Guest user Created:   Mar 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 Scope change

Guest user Created:   Oct 28, 2019 ISO 27001 & 22301
Replies: 1
0 0

ISMS scope change