Assign topic to the user
I assume you refer to our free download "Twelve-step transition process from ISO 27001:2005 to 2013 revision"?
An interface is something that stands between your ISMS and the outside world - for example, if room A is within the scope, and room B is out of the scope, then the door between those two rooms is an interface; if you have two segments on your local network, the network device that is in between them is an interface. Therefore, your ISMS scope has various interfaces as borders to the outside world.
See also this article: Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
Hi
Thank you for the answer,
In implementation standard 2013 revision we should define interfaces, but what benefits of definition interfaces?
What help can do it in Implementation process?
Interface helps you define the exact border of what is within your ISMS scope and what is outside of your scope. For example, if room A is within your scope and room B is outside of the scope, then you will apply all the physical security controls to the room A, but not to the room B.
If you have a hall between those two rooms, defining the interface precisely will help you decide whether the hall is included in the scope or not.
The interface is limited to network devices or Communications equipment ?
So, is the interface (e.g. a router or a firewall at the gateway), outside the scope or within the scope?
The interface can be a network device, but it could also be physical interface - e.g. a door.
As the last item within your ISMS scope you should set a device which you directly control - e.g. if the last device you control is the firewall, and the router is controlled by your telecom provider, then the firewall is within your scope (and it acts as an interface to the outside world), whereas the router is outside of the scope.
Namely , If I understood In Our organization has several buildings ,and I must define doors and firewalls as a interface. And nothing else !?
Without a detailed on-site analysis I cannot tell you which kind of interfaces you have to the outside world, this is something you should analyze alone.
If you are in doubt with a particular interface, you can ask me about it in this thread.
thanks, but I completely confused how to define interface?
our organization have 5 buildings which connected together and other organizations with router and firewalls.
I defined Firewall, routers and doors of building as a interfaces. but I am not sure this issue.
Can you tell me except of the firewall and walls , .... we can specify whether Interfaces?
in fact please give me Some examples of interfaces other than the Firewall.
sorry , and Our 5 buildings defined in ISMS scope of organization.
Comment as guest or Sign in
Jan 12, 2016