Expert Advice Community

Scope definition and project planning

Guest user. Created: Jul 23, 2018. Last commented: Jul 23, 2018

1. Is it possible that all applicable controls in the SoW are already fully implemented? If yes, what will the risk treatment plan be?
Expert
Rhand Leal Jul 23, 2018

Answer: I'm assuming you are referring to SoA (Statement of Applicability). Considering that, it is possible that applicable controls in SoA are already implemented when the SoA is developed, but this is very unusual. In such situations you can use the risk treatment plan as an improvement tool to enhance the performance or efficiency of controls as needed.

2. As the ISMS scope can vary, how do we forecast or plan the ISO27K project's timeline?

Answer: Once defined, the ISMS scope will probably not change, but to have an expectation about the project budget and timeline you need to finish the risk treatment. Only after that will you know the timing and resources for the ISMS implementation.

These materials will provide you with further explanation about planning an implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- ISO 27001 Gap Analysis Tool https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
- How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project

3. If the ISMS scope is only information contained on paper, can the computing system that prints the paper be put out of scope?

Answer: Information security is about the protection of information regardless of where it is, so if the information you want to protect is both on paper and on computing systems, then both must be included in the ISMS scope.

These articles will provide you with further explanation about defining the scope:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

These materials will also help you with defining the scope:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
