Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

27001 Scope

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

27001 Scope

« My organisation cut across 4 primary physical locations. For the purpose of our isms, we have include only two locations. My challenge is that I have departments with teams cut across the 4 locations. The teams don't have duplicating functions but they all input into each other. Hence how can I successfully de-scope such units." 
0 0

Assign topic to the user

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
Guest post Jan 12, 2016

There might be a serious problem with this ‘reduced’ scope for the ISMS. Due to the need for connexion with the two other sites, the reduced ISMS scope might be ’not feasible’. This decision should be reviewed and justified.

You may consider the two other sites as ‘external’, but the complexity is in the close interactions ‘in/out/in-out’ that is continuous or at least continual. When describing the scope, you should also clearly describe what is ‘in’ and what is ‘out. 

When there are connections with other entities (be they from the same company or ‘external’) you should identify and describe the interfaces with the associated risks of information coming in and going out. Identifying the communic ation channels and the associated risks is also important, depending on the responsibility for protection the ISMS scope has. In your case, you have to use both directions.

In any case, it is easier to have all the 4 locations within the scope.

 This post on the blog can also help you: Problems with defining the scope in ISO 27001:
 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics

Guest user Created:   Sep 06, 2022 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 Scope Document

Guest user Created:   Feb 16, 2022 ISO 27001 & 22301
Replies: 3
0 0

ISO 27001 Scope

Guest user Created:   Mar 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 Scope change