Scope definition
Answer: I assume you are referring to choosing the organization's scope first. In this case my answer is yes. The scope definition, after getting management buy-in, is one of the most important things for your ISMS implementation, because it defines which information you intend to protect, where it is located and who handles it, which will directly impact the effort and resources you will need.
2 - Does this still form part of ISMS?
Answer: The scope definition is a mandatory requirement in ISO 27001 (clause 4.3). Regarding the Top-down approach, if you pay close attention, you will note the standard sections follow an implementation sequence, so the standard also considers scope definition as one of the first things to be done (just after understanding the organization, its context, and the needs and expectations of interested parties).
This article will provide you with further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
These materials will also help you regarding scope definition:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Nov 21, 2016