Can we choose the Scop of ISMS for IT department only? If cant, how long it takes to get certified
Assign topic to the user
You can define the scope in terms of only part of the organization (i.e., IT department), but in general, for small and mid-sized businesses, the best approach is to include the entire organization in the ISMS scope, because the effort to separate the scope for such organizations may not be worthy.
These articles will provide you with further explanation about the scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
These materials will also help you regarding the scope definition:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
- Tool for defining the ISO 27001 ISMS scope https://advisera.com/insight/chatbot-tool-iso-27001-scope/
Regarding implementation time, it may take a couple of months for smaller companies and up to more than a year for larger organizations. You can use these values as an initial reference:
- Companies of up to 20 employees – up to 3 months
- 20 to 50 employees – 3 to 5 months
- 50 to 200 employees – 5 to 8 months
- More than 200 employees – 8 to 20 months
For further information, see:
- Time, effort, and roles for the implementation https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/#effort
Comment as guest or Sign in
Apr 06, 2023