Scope of the ISMS

Organisations often have problems defining their scope or choose a scope that it too ambitious with too short an implementation time. Failure to concisely define the scope or to allow it to 'creep' is often an early signal that certification failure is close. Any organisation can define any part of their organisation (e.g. department, location or function) for certification. Once the scope is defined anything crossing the boundary of the scope must have its risk assessed as it crosses the boundary of the scope.

An Introduction To Information, Network and Internet Security
Scope of the ISMS Organisations often have problems defining their scope or choose a scope that it too ambitious with too short an implementation time. Failure to concisely define the scope or to allow it to 'creep' is often an early signal that certification failure is close. Any organisation can define any part of their organisation (e.g. department, location or function) for certification. Once the scope is defined anything crossing the boundary of the scope must have its risk assessed as it crosses the boundary of the scope.	The Security Practitioner An Introduction to Information Security
Return To An Introduction to Information Security