Scope in Conformio
Thank you for offering assistance. We have started gathering interested parties and requirements.
We are struggling with the scope of this list.
For example, ISO 9001 covers the “local community” as an interested party… But I presume this is not applicable here because they have no interest in our ISMS and our ability to prevent a breach. If it is limited to people who have an interest in our ISMS and our ability to prevent a breach, then it would be easier.
Our client may have concerns about our ability to keep the documentation and passwords that we possess on our systems safe from a breach.
But services we provide to them to keep them/their systems and data safe from a breach are not in scope I believe…? But we need to clarify that.
Any guidance you can offer would be greatly appreciated.
In the context of ISO 27001, interested parties are any entities (e.g., persons or organizations) that can influence your information security, or that can be affected by your information security activities. Considering that, and your examples, “local community” wouldn’t be an interested party, while your client would be.
Regarding provided services, these are not part of the interested parties or interested parties’ requirements. They would be part of the ISMS scope, i.e., the elements of your organization you want to protect considering interested parties and their requirements.
For further information, see:
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
This material can also help you:
- ISO 27001: An overview of the ISMS implementation process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-overview-isms-implementation-process-free-webinar-demand/
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
Sep 14, 2021