Guest user Created: Feb 22, 2018 Last commented: Feb 22, 2018

Scope definition

Hello, I would like to ask a question about the ISO 27001 scope. I work in an organisation with about 50 employees. Is it possible to narrow the scope only to the IT department? the IT department is separated from the other departments (IT is on the first floor, the other departments on the second floor).

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Feb 22, 2018

Answer: You can limit the scope only to the IT department, but considering the size of your organization it is better to include all organization in the ISMS scope, because the effort that will be required to keep the separation may be greater than the effort to implement and maintain the ISMS for the whole organization.

These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

These materials will also help you regarding scope definition:
- Book Secure & Simple: A Small- Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 22, 2018

Expert Advice Community