Guest user Created: Jan 25, 2017 Last commented: Jan 25, 2017

Scope definition

Thanks for your initiative to keep us active. I have a question, Can I limit my scope of certification of ISO27001 to Electronic Data? The scope of the certification is ““Confidentiality, Integrity and availability of electronic data; restricted access to electronic date.”

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jan 25, 2017

Can you advise on this, please?

Answer: The approach considered by certification bodies is that a proper scope statement can be defined based on processes, organizational units, or physical locations, not in the format of the information medium. Therefore, your scope statement cannot limit information to be protected to electronic data only.

These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

These materials will also help you regarding scope definition:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 25, 2017

Expert Advice Community