CHAPTER 11: POLICY AND SCOPE

The first planning step is the scoping exercise.

The scoping requirement is contained in Clause 4.2.1.a) of ISO27001. The requirement is that the organisation will ‘define the scope and boundaries of the ISMS in terms of the characteristics of the business, the organisation, its location, assets, technology, and including details of and justification for any exclusions from the scope’.

References to ‘business’ anywhere in the standard ‘should be interpreted broadly to mean those activities that are core to the purposes of the organisation’s existence’.

The scoping exercise

A scoping exercise should determine what is within, and what is outside, the ISMS. The ISMS will, in effect, erect a barrier between everything ...