Guest user Created: Aug 12, 2019 Last commented: Aug 12, 2019

Scope definition

Es cierto que una empresa puede certificarse en ISO 27001 sólo en una parte de la organización?, es decir por ejemplo sólo el área de Sistemas?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Aug 12, 2019

Is it true that a company can be certified in ISO 27001 only in a part of the organization? That is, for example, only the Systems area?

Answer:

Your understanding is correct. The ISMS scope can cover all organization, or only specific locations, processes or information.

The main point when considering this approach is the effort required to keep the ISMS scope separated from the rest of the organization's elements (for small and mid-sized organizations many times the effort is not worthy, and it is better to include all the organization in the ISMS scope)

These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
- How to s et the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 12, 2019

Expert Advice Community