Guest user Created: Mar 12, 2016 Last commented: Mar 12, 2016

Scope for a company that provides IT services outsourcing

The company provides IT services outsourcing therefore have codes sources or confidential customer information , such information should be part of my risk management ?

0 0

Assign topic to the user

Select user

Guest

Antonio Jose Segovia Mar 12, 2016

Answer:
From my point of view, such information should be included in the ISMS scope, and therefore risk management should be performed for that information. This article about the scope can be interesting for you "How to define the ISMS scope" : https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

By the way, there is an standard related to the information security in the cloud, which is ISO 27017, so this article can be interesting for you “ISO 27001 vs. ISO 27017 – Information security controls for cloud services” : https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/

Finally, maybe our online course about foundations of ISO 27001 can be interesting for you “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Mar 11, 2016

Expert Advice Community