Scope definition
Would we have a scope of the entire organisation, but exclude physical management and operation of the Helpdesk/Monitoring system and ensure some sort of ISO compliance from the Datacenter provider? I assume we would then write a policy for our staff access to the Datacenter/Helpdesk and Monitoring system and have defined roles?
Answer: I'm assuming that by excluding physical management and operation of the Helpdesk/Monitoring system you are referring to focusing only on using the Helpdesk/Monitoring system (like a Software as a Service - SaaS).
Considering that, for the relationship with the datacenter provider you should consider a service agreement, establishing clauses to ensure it will apply the security controls you require for your business (e.g., based on ISO 27001 and ISO 27017). These clauses should cover not only the policy for your staff to access the Datacenter/Helpdesk and Monitoring system and the necessary roles, but also refer to other controls, like your right to audit the provider's operation and to receive periodic performance reports.
These articles will provide you further explanation about scope definition and supplier management:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
These materials will also help you regarding scope definition and supplier management:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 17, 2018