1 - What do we really mean when we say that something is included in the ISMS scope? Does that mean that everything in the ISMS then needs to be applicable to the organization, site, and processes in the scope? Or, if not, does this need to be described in the ISMS somewhere? (For example, if we have a sales process and this sales process doesn’t apply to an office that we say is in scope, then do we need to document this in the ISMS?)
The meaning of something being included in the ISMS scope is that this thing is information, or something related to information, that the organization wants to protect.
For example, if customer information is in the ISMS scope, then it means that this information needs to be protected. If a sales process is in the ISMS scope, it means that all kinds of information related to the sales process need to be protected.
In your example, if the sales process is not related to any information you want to protect (that related to the office you mentioned), you do not need to include it in the ISMS scope (or you can explicitly state that the sales process is out of the ISMS scope).
2 - Could we exclude offices/departments from the ISMS because we don’t share the same core processes, if we at the same time share support processes (the HR process and some IT processes, for example) and steering processes?
Yes. The ISMS scope can be defined in terms of only part of the organization, but please note that for small organizations of up to 100 employees, it is better to define the whole organization as part of the scope, because the effort to separate the elements that are in and out of the ISMS scope may not be worthwhile.