Expert Advice Community

Scope definition

Guest user Created:   Oct 19, 2017 Last commented:   Oct 19, 2017

Our company has different business units in the same building. Some are in the same office room. Can we exclude these business units from the scope, or are we obligated to add them to the scope?
Expert
Rhand Leal Oct 19, 2017

Answer: You can exclude business units you do not consider relevant to be part of the ISMS scope (they would be treated as external parties), but you should evaluate whether the administrative and operational effort resulting from this separation wouldn't be greater than considering some or all units as part of the scope. For example, business units operating on a different floor are easy to segregate, but for those in the same office room the segregation effort probably wouldn't be worthwhile.

These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
