Guest user Created: Jul 23, 2018 Last commented: Jul 23, 2018

Scope definition

I’m currently completing the ISMS Scope Document for ISO27001. For section 2.4 Networks and IT infrastructure, how detailed does the list have to be? For instance do I have to name each server included in the scope, if so the document will be several pages long as the company I work for is a global business or would it be sufficient to say 40 servers, 3 switches, 5 active directories etc.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jul 23, 2018

Answer: Regarding section 2.4 of the ISMS scope document, you do not have to state each asset of IT infrastructure separately. It is sufficient to state the type of assets as you mentioned. It is also important to include the networks involved (e.g., Organization's LAN, or data center sub-network).

Included in the template there are comments with examples you can use to define your ISMS scope.

These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 23, 2018

Expert Advice Community