Regarding the implementation of the ISO 27001 standard, we are in the process of determining the scope.
Our company deals with the following areas:
1. development of IT solutions,
2. digitization of documents,
3. hosting and
4. keeping a paper archive of our clients.
It is clear to us that the first three areas need to be in scope. It is not clear to us whether there should be a paper archive in the scope.
We would appreciate advice on this issue.
Expert
Rhand Leal
Sep 23, 2021
The paper archive will need to be part of the ISMS scope if it contains information you want your Information Security Management System to protect.
For example, if the paper archive contains employees’ information, and you want the ISMS to protect only customer information, then the paper archive does not need to be part of the ISMS scope.
These articles will provide you with further explanation about defining the ISMS scope:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
This material can also provide more information:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/