The simplest way to think about the ISMS Scope is that it should be a written definition of the data you are trying to protect, and where that data lives. Simple, right?

Defining what should, and what should not, be included within scope is covered by Clause 4.3 of the ISO27001 standard. If you don't own a copy of the ISO27001 standard yet, you are going to need to purchase one.

To make this post easier to follow, I've broken the ISMS scope up into three parts. The scope document itself, however, is a single document.

Your ISMS Scope document should start by outlining your business's approach to how all data is protected. This includes the treatment of customer data, employee data, and any data stored physically.

Anything which could be used to view, process, edit, or remove customer data should be considered within scope (assets, servers, etc.), including the office spaces in which business is conducted. You should also define the assets which are in scope; these should include laptops, desktop computers, mobile phones, and servers, whether that is your own hardware or something hosted in the cloud.

Protip: If you're a remote-based company, it's entirely plausible that you won't have a physical office space, and this part of the ISO27001 standard will be out of scope. Write the exclusion down, along with the reason for it: any Annex A control you treat as not applicable has to be justified in your Statement of Applicability, and an auditor will ask where your laptops and phones physically live if no office is in scope.