Answer: Since part of the activities that were performed by your client are now under the control of its managed service vendor, it has to modify the scope to reflect this new situation. The main point to consider here is how much direct control the organization has over the applications and databases hosted on the outsourced data center. For example:
- If the organization controls both the applications and databases (the data center only provides the physical and virtual machines), only the basic infrastructure of the datacenter should be excluded from the ISMS scope.
- If the organization uses the applications as a service made available by the provider, only the organization's database should be included in the ISMS scope.
This article will provide you further explanation about Scope review:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
These materials will also help you regarding Scope review:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 30, 2017