Guest user Created: Jul 13, 2019 Last commented: Jul 13, 2019

Scope definition

I am currently in the process of certification under ISO 27001: 2013. I told you that we had a first audit (Phase I) by the certifying body, in which some findings arose, one of which was that we did not consider the interfaces and dependencies of the activities carried out by the company and other organizations (Requirements 4.3 liter C) .

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jul 13, 2019

It has been difficult for me to develop that point, since I do not quite understand it. I have investigated but it is not clear to me. I wish you could help me or show me some examples based on your knowledge and experience.)

Answer:

Without detailed information about your scope what we can do is provide general examples:
- In an e-commerce organization its website is considered the interface between the activities carried out by the organization and their customers. The web page of the Supplier Chain management software is the interface between the activities carried out by the organization and their suppliers
- Considering a data center, dependencies that must be considered are electrical and comm unication providers, as well as hardware manufacturers

This article will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
This material can also help you:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 13, 2019

Expert Advice Community