The company I am helping have a simple function; they have developed, maintain with ongoing R&D, and service through Customer Support a SaaS which is placed online.
They also conduct Marketing & Sale activities as well as internal finance and internal HR.
They want their scope to be restricted to:
The processes and services that are in scope are to be the development, operation, administration and customer support of the Software as a Service platform ‘Human Resources Management System’, provided by XXXXX HR.
The other functions, M&S, Finance and internal HR they want to be out of scope.
The issue is that they occupy a single open plan office.
Question: Is the desired scope likely to achieve certification?
Answer: You can limit your ISMS scope to your business core offering, but for small and medium-size organizations it is usually better to include all the organization in the ISMS scope, because the effort to manage a scope that covers only part of the organization is not worth it.
These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
These materials will also help you regarding scope definition:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
2 - Following on, may we schedule a Skype call for Wed PM UK Time please?
Answer: To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/
We will contact you to confirm your suggested schedule or offer an alternative at your convenience.
Jul 27, 2018