I have a basic Scope question that I am trying to understand and thinking that you might be able to help me.
1 - What do we really mean when we say that something is Included in the ISMS scope? Does that mean that everything in the ISMS then need to be applicable to the organization, site and processes in the scope? Or if not, this needs to be described in the ISMS somewhere? (for example if we have a sales process and this sales process doesn’t applies to an office that we say is in scope then we need to document this in the ISMS?
2 - Could we exclude offices/departments from the ISMS because we don’t share the same Core processes if we at the same time share support processes (HR process and some IT processes for example) and steering processes?