We look at how to define ISO 27001 Scope, the ISO 27001 Scope Statement and a How to Create and ISO 27001 Scope Statement tutorial with step by step guide and video walkthrough.
How to define ISO 27001 Scope: Step By Step
When defining your scope be as clear as you can and include in your scope document the things that are in scope and the things that are out of scope. This is an extension to the scope statement and for your own management. Consider
Providing good documentation such as a Scope Document with associated architecture diagrams, technical documentation, network diagrams will enable you to define the boundaries of your ISO 27001 scope more clearly.
How to define ISO 27001 Scope
- List your products and services
Create list of all of your products and services. Use the names that your customers use and know them by.
- Choose the products and services that need ISO 27001 certification
From the list of all of your products and services choose the ones that customers are asking you about and / or the ones that you want to have and ISO 27001 certificate for.
- Identify the people, technology and premises that make up the chosen products and services.
List out the departments in the company, the technologies and the locations that make up the products and / or services that you want to have and ISO 27001 certification.
- Write a clear ISO 27001 scope statement
Write a clear statement that states the products and / or services and then clearly sets out the people, technology and locations that are in scope for the ISO 27001 certification.
ISO 27001 Scope Statement Tutorial
In this short tutorial we show you how to use the ISO 27001 Scope Statement