Hello, I'm am currently writing ISMS scope document, and I have a few questions:
# section 1
- What does the term "users" refer to? All the parties under the scope of the certification, or only the persons who need to maintain and make decisions related to these documents?
# section 3.4
- If we keep the employees' laptops (provided by the company) within the scope of the certification, will this imply some restrictions as to what the employees can do or install on their company's laptop?
- If we do exclude students from the scope, does it imply that they will have a restricted access to the company's data?