Guest user Created: Sep 23, 2021 Last commented: Sep 23, 2021

Scope of ISMS

Regarding the implementation of the ISO 27001 standard, we are in the process of determining the scope. Our company deals with the following areas: 1. development of IT solutions, 2. digitization of documents, 3. hosting and 4. by keeping a paper archive of our clients. It is clear to us that the first three areas need to be in scope. It is not clear to us whether there should be a paper archive in the scope. We would appreciate advice on this issue.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Sep 23, 2021

The paper archive will need to be part of the ISMS scope if it contains information you want your Information Security Management System to protect.

For example, if the paper archive contains employees’ information, and you want the ISMS to protect only customer information, then the paper archive does not need to be part of the ISMS scope.

These articles will provide you a further explanation about defining the ISMS scope:

How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

This material can also provide more information:

How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Sep 23, 2021

Expert Advice Community

Scope of ISMS

Scope of ISMS

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Documenting scope of ISMS

Scope of ISMS

ISO 27001 scope