Expert Advice Community

Scope extension

Guest user Created:   Nov 27, 2018 Last commented:   Nov 27, 2018

I need some tips on expanding the ISO 27001:2013 scope. We are certified but would like to extend the scope to include another entity of our firm. Could you please assist? I’m sharing some tips of dos and don'ts to consider. Also, do I have to do the security metrics and risk treatment again?
Expert
Rhand Leal Nov 27, 2018

Answer:

To extend the ISMS scope, you have to perform all the steps as if you were implementing the ISMS for the first time, on a scale equivalent to the size of this extension.

While you will have less effort related to common requirements such as document and record control, internal audit and management review, the effort for the risk assessment and treatment will depend on how similar this extension is to the current scope. If they are similar, you may use existing controls and security metrics with only minor adjustments.

These articles will provide you with further explanation about implementing ISO 27001 (the concepts are the same for scope extension):
- ISO 27001 implementation checklist https://advisera.com/27001academy/01academy/emy/ademy/my/knowledgebase/iso-27001-implementation-checklist/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/01academy/emy/ademy/my/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

These materials will also help you regarding implementing ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/d-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-foundations-course/