Scope for a company that provides IT services outsourcing
Assign topic to the user
Answer:
From my point of view, such information should be included in the ISMS scope, and therefore risk management should be performed for that information. This article about the scope can be interesting for you "How to define the ISMS scope" : https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
By the way, there is an standard related to the information security in the cloud, which is ISO 27017, so this article can be interesting for you “ISO 27001 vs. ISO 27017 – Information security controls for cloud services” : https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
Finally, maybe our online course about foundations of ISO 27001 can be interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Mar 11, 2016