I'm in the process of defining the scope according to ISO 27001 for a company whose core business process is based on the analysis of data. The IT infrastructure is entirely based on the cloud (PaaS) and the company has a dedicated physical location. This is a small organization (20+ people) and we work remotely by connecting to the cloud. The cloud is not public and it is for our holding company. Also, the holding company provides human resources for our company.
Organizational scope: Developer, Operation, supporting team
Information and technologies scope: only technical services that are used in the cloud; it does not refer to OS, VM, physical server, ...
Physical scope: Only the scope related to our company