An Introduction To
Information, Network and Internet Security


Define the scope of the ISMS

If the organisation is going to seek certification (for either part of the organisation or all of it), or wishes to define an area of the organisation covered by the ISMS, then this scope must be defined. It is not necessary to implement the same level of security for the whole organisation, or to offer the whole organisation for certification. Whatever the scope, a formal definition of the scope of the ISMS is required.

It is usual that the existing organisational structure can be used as the basis for the scope, so that a new structure need not be defined. Typically the scope is defined under the following four headings as a minimum:

· Organisation - The part of the organisation that manages information security;

· Location - The location (or locations) encompassed by the ISMS;

· Assets - The assets (physical and logical) that are to be protected at each location in the scope;

· Technology - The technology (including hardware, networking, software and operating systems, where appropriate) employed in the scope offered for certification.

This process will produce the ISMS Scope Document.

The Security Practitioner

An Introduction to Information Security