Ensuring Your Information Security Management System (ISMS) Scope is Appropriate for ISO 27001:2013?
With the introduction of ISO 27001:2013 and changes being made to scoping requirements and the ‘context of the organization’, establishing an appropriate and meaningful scoping statement has taken on greater importance. With this in mind, URM has produced a ‘Viewpoint’ document providing its perspective on the scoping requirements of the updated Standard. URM’s Viewpoint looks at some of the historical issues relating to limited information security management system (ISMS) scopes as well as the changing requirements with the new Standard. The article assesses the impact that the changing requirements will have on the approach to scoping and on existing limited ISMS scopes e.g. including the need to align to with organisational objectives and the requirements of interested parties. URM’s Viewpoint concludes with a check list of 7 questions which every organisation will need to answer, especially those who are currently certified with a limited ISMS scope.
Please see here for more information.