BLACK FRIDAY DISCOUNT
Get 30% off on toolkits, course exams, Conformio, and Company Training Academy yearly plans.
Limited-time offer – ends December 2, 2024
Use promo code:
30OFFBLACK

Expert Advice Community

Small questions about the implications of the scope of the ISO27001

  Quote
Created:   Feb 17, 2023 Last commented:   Feb 21, 2023

Small questions about the implications of the scope of the ISO27001

Hello, I'm am currently writing ISMS scope document, and I have a few questions:

# section 1

  • What does the term "users" refer to? All the parties under the scope of the certification, or only the persons who need to maintain and make decisions related to these documents?

# section 3.4

  • If we keep the employees' laptops (provided by the company) within the scope of the certification, will this imply some restrictions as to what the employees can do or install on their company's laptop?
  • If we do exclude students from the scope, does it imply that they will have a restricted access to the company's data?

 

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 21, 2023

# section 1

What does the term "users" refer to? All the parties under the scope of the certification, or only the persons who need to maintain and make decisions related to these documents?

The term “users” refers to all persons that need to use, consult or follow the rules and activities defined in the document.

# section 3.4

If we keep the employees' laptops (provided by the company) within the scope of the certification, will this imply some restrictions as to what the employees can do or install on their company's laptop?

Please note that assets (such as the laptops provided by the company) included in the ISMS scope need to be protected, so, depending on the assessed risks and applicable legal requirements, some restrictions may be applicable to the laptops.

If we do exclude students from the scope, does it imply that they will have a restricted access to the company's data?

There are two approaches to temporary workers that you exclude from the scope: (a) that you do not give them access to sensitive data (this is a preferred option for students), or (b) that you specify security clauses in their employment agreements (this is a preferred option for specialists - e.g., external auditors, accountants, lawyers, etc.).

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Feb 17, 2023

Feb 21, 2023

Suggested Topics