Expert Advice Community

Scope in Conformio

Guest user. Created: Sep 14, 2021. Last commented: Sep 14, 2021.

Thank you for offering assistance. We have started gathering interested parties and requirements. 

We are struggling with the scope of this list. 

For example, ISO 9001 covers the “local community” as an interested party…. But I presume this is not applicable here because they have no interest in our ISMS and our ability to prevent a breach. If it is limited to people who have an interest in our ISMS and our ability to prevent a breach, then it would be easier.

Our client may have concerns about our ability to keep the documentation and passwords that we possess on our systems safe from a breach.

But services we provide to them to keep them/their systems and data safe from a breach are not in scope I believe…? But we need to clarify that. 

Any guidance you can offer would be greatly appreciated.

Expert
Rhand Leal Sep 14, 2021

In the context of ISO 27001, interested parties are any entities (e.g., persons or organizations) that can influence your information security, or that can be affected by your information security activities. Considering that, and your examples, “local community” wouldn’t be an interested party, while your client would be.

Regarding provided services, these are not part of the interested parties or interested parties’ requirements. They would be part of the ISMS scope, i.e., the elements of your organization you want to protect considering interested parties and their requirements.

For further information, see:

This material can also help you:
