Regarding the implementation of the ISO 27001 standard, we are in the process of determining the scope.
Our company deals with the following areas:
1. development of IT solutions,
2. digitization of documents,
3. hosting and
4. by keeping a paper archive of our clients.
It is clear to us that the first three areas need to be in scope. It is not clear to us whether there should be a paper archive in the scope.
We would appreciate advice on this issue.