Scope definition
Answer: You cannot set only the software's database as your scope. An ISMS scope should be defined in terms of processes, organizational units or physical locations. Considering this, a suggestion is that you define your scope in terms of the department that handles the development and/or production of that software/database. Another way is to set the scope for your whole company; this is the best solution for smaller companies (e.g. up to 50 employees).
These articles will provide you with further explanation about Scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
These materials will also help you regarding Scope definition:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jun 27, 2017