Expert Advice Community

Guest

Specifying excluded controls as exclusions in the ISMS Scope document

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Specifying excluded controls as exclusions in the ISMS Scope document

In paragraph 3.5 Exclusions of the ISMS scope document should not go further excluded controls?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
DejanK Jan 12, 2016

ISMS scope document can only exclude certain departments, processes, locations or assets of your organization. However, for those departments/processes/locations/assets that remain within the scope, you cannot exclude the controls in this phase - the decision whether to apply or exclude controls can be made only after the risk assessment & treatment is finished.

The point is - the controls can be excluded only if there are no risks which would require such controls. Read more here: ISO 27001 risk assessment & treatment – 6 basic steps

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics

Guest user Created:   Jun 10, 2024 ISO 27001 & 22301
Replies: 1
0 0

Non-mandatory documents

Brad Created:   Apr 22, 2024 ISO 27001 & 22301
Replies: 1
0 0

Custom Edit Documents