Expert Advice Community

Scope

Guest user Created:   Jun 23, 2021 Last commented:   Jun 23, 2021

I'm in the process of defining the scope definition according to ISO 27001 for a company whose core business process is based on the analysis of data. The IT infrastructure is entirely based on the cloud (PaaS) and the company has a dedicated physical location. This is a small-size organization (20+ people) that works remotely by connecting to the cloud. The cloud is not public and it is for our holding company. Also, the holding company provides human resources for our company.

Therefore:
Organizational scope: Developer, Operation, supporting team
Information and technologies scope: only technical services that are used in the cloud, and does not refer to OS, VM, physical server, ...
Physical scope: only the scope related to our company

Is that right?

Expert
Rhand Leal Jun 23, 2021

For organizations with up to 50 employees, the best approach is to include all the organizations in the ISMS scope, because in this situation, in the majority of cases, the effort to separate elements in the scope from those out of it is not worthwhile.

When the organization uses a third-party Platform-as-a-Service, the data and all application software should be included in the ISMS scope, while everything else is out, including all system software.

These articles will provide you a further explanation about scope definition:

These materials will also help you regarding scope definition:
