We have one question about the ISMS scope:
Our owner/parent company (XXXXX) is also our supplier for several IT services (e.g. network). They define rules and settings that automatically apply to us (in their role as owner). However in their role as supplier they would have to adhere to the standards we (subsidiary = YYYYY) set for them, correct? How should we formulate this in our ISMS Scope and how should we treat it in the SOA? And are there any recommendations regarding how such a relationship should be clearly formulated in an SLA?