We've received the following question:
"We are running network and operation services (Network Service Desk) for clients. But i want to certify only my Network Service Desk for ISO 27001. Do all information assets including servers, application belongs to clients will come under scope or only those assets which are required to support Network desk service from my office premises. "
Answer:
The scope shall include assets and facilities you control and/or you need to provide your services. In your particular case, since the customer assets are not in or premisses neither you have complete control on them, you should not include them in the scope. But you include in scope the information you need to access those customer assets.
Hope it helps
Thanks
Assign topic to the user
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016