SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Guest

Scope definition

  Quote
Guest
Guest user Created:   Jun 21, 2023 Last commented:   Jun 21, 2023

Scope definition

Our company has about 50 employees and we develop and manufacture a product with both software and hardware components.

Do we include in the scope document the back-office systems that are used for HR, Marketing, Sales, Finance (inc salaries), and CRM?

I would assume that our customers will not be interested in that but are rather focused on ISO 27001 referring to product-related-systems like R&D, Software development, Manufacturing. And also us protecting their medical information that might be stored on the device.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 21, 2023

For companies of your size, our recommendation is to include all the organization in the Information Security Management System (ISMS) scope (i.e., you need to include all the systems you listed in the scope) because the effort to separate what is and what is not part of the scope is not worth it.

For further information, see:

This material can also help you:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 20, 2023

Jun 20, 2023

Suggested Topics

Guest user Created:   Sep 27, 2022 ISO 27001 & 22301
Replies: 1
0 0

Scope definition

Guest user Created:   Jul 17, 2021 ISO 27001 & 22301
Replies: 1
0 0

Scope definition