Scope definition
Answer: You can exclude business units you do not consider relevant to be part of the ISMS scope (they would be treated as external parties), but you should evaluate whether the administrative and operational effort resulting from this separation wouldn't be greater than considering some or all units as part of the scope. For example, business units operating on a different floor are easy to segregate, but for those in the same office room the segregation effort probably wouldn't be worth it.
These articles will provide you with further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Oct 19, 2017