
ISMS Scope Definition Guide

This document defines the scope of the organization's Information Security Management System (ISMS) by outlining the included processes, organizational units, locations, networks, and exclusions. The purpose is to clearly identify the boundaries of what information and systems will be protected by the ISMS. The scope includes specific services, business processes, organizational units, locations, and network infrastructure. It also defines exclusions outside the ISMS scope. The document owner is responsible for annual reviews and updates to ensure an accurate and effective definition of the ISMS scope.

[organization logo]

[organization name]

ISMS SCOPE DOCUMENT

Code:

Version:

Date of version:

Created by:

Approved by:

Confidentiality level:
[organization name] [confidentiality level]

Change history
Date        Version  Created by  Description of change
YYYY-MM-DD  0.1      Abdullah    Basic document outline

Table of contents
1. PURPOSE, SCOPE AND USERS
2. REFERENCE DOCUMENTS
3. DEFINITION OF ISMS SCOPE
3.1. PROCESSES AND SERVICES
3.2. ORGANIZATIONAL UNITS
3.3. LOCATIONS
3.4. NETWORKS AND IT INFRASTRUCTURE
3.5. EXCLUSIONS FROM THE SCOPE
4. VALIDITY AND DOCUMENT MANAGEMENT

ISMS Scope Document Page 2 of 4



1. Purpose, scope and users


The purpose of this document is to clearly define the boundaries of the Information Security
Management System (ISMS) in [organization name].

This document applies to all documentation and activities within the ISMS.

Users of this document are members of [organization name] management, members of the project
team implementing the ISMS, and .

2. Reference documents
• ISO/IEC 27001 standard, clause 4.3
• [Project Plan document for ISO 27001 implementation]
• List of legal, regulatory, contractual and other requirements

3. Definition of ISMS scope


The organization needs to define the boundaries of its ISMS in order to decide which information it
wants to protect. Such information will need to be protected no matter whether it is additionally
stored, processed or transferred in or out of the ISMS scope. The fact that some information is
available outside of the scope doesn't mean the security measures won't apply to it – this only means
that the responsibility for applying the security measures will be transferred to a third party who
manages that information.

Taking into account the legal, regulatory, contractual and other requirements, the ISMS scope is
defined as specified in the following items:

3.1. Processes and services

[specify the services and/or business processes which are included in the scope]

3.2. Organizational units

[specify the organizational units which are included in the scope, and how they are separated from
the organizational units that are not included in the scope]

3.3. Locations

[specify the locations which are included in the scope, and how they are separated from the locations
that are not included in the scope]

3.4. Networks and IT infrastructure

[specify the networks and related IT infrastructure that are included in the scope, and how they are
separated from the networks not included in the scope]


3.5. Exclusions from the scope

The following is not included in the scope: [specify individual organizational elements/resources
which are to be specifically excluded from the scope].

4. Validity and document management


This document is valid as of [date].

The owner of this document is [job title], who must check and, if necessary, update the document at
least once a year.

When evaluating the effectiveness and adequacy of this document, the following criteria need to be
considered:

• number of incidents arising from unclear definition of the ISMS scope
• number of corrective actions taken due to an inadequately defined ISMS scope
• time put in by employees implementing the ISMS to resolve dilemmas concerning the
unclear scope

[job title]
[name]

_________________________
[signature]
