Expert Advice Community

Scope confirmation

Guest user Created:   Feb 27, 2021 Last commented:   Feb 27, 2021

I'm taking your ISO 27001 course. Very impressive.

As far as I understood... the ISMS applies in services/departments not in a final product.

Can you give me an opinion about the scope below?

"The management of information security in the provision of all products and services at all locations, within all business units of xxx Corporation"

The xxx company is a very small-sized company with just 08 employees.

Expert
Rhand Leal Feb 27, 2021

First, it is important that the scope is defined in two different places - (1) in the ISMS scope document, where the specification needs to be much longer since you need to define what is in and what is out of the scope, and (2) in the scope sentence displayed on your certificate - that scope you need to define together with your certification body.

Further, your suggested scope focuses on 'management of information security' which does not make much sense because this would mean that you want to implement security only for your security activities, and not support your regular/business activities and information.

To see what an ISMS scope document compliant with ISO 27001 looks like, please access the free demo of our ISMS Scope document at this link: https://advisera.com/27001academy/documentation/isms-scope-document/

These articles will provide you with further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

These materials will also help you regarding scope definition:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
