ISO27001/ISO27002 A Pocket Guide, 2nd edition

CHAPTER 11: CONTEXT, POLICY AND SCOPE

The first planning step is the scoping exercise.

The scoping requirement is contained in Clause 4.3) of ISO27001. The requirement is that the organisation will ‘determine the boundaries and applicability of the information security management system to establish its scope [taking into consideration] external and internal issues, the requirements [of interested parties, and] interfaces and dependencies between activities performed by the organisation, and those that are performed by other organisations’.

This is built upon the understanding of the organisation and its context, as well as the expectations of interested parties. Clause 4.1 states that the organisation ‘shall determine external and internal issues ...

Get ISO27001/ISO27002 A Pocket Guide, 2nd edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ISO27001/ISO27002 A Pocket Guide, 2nd edition by Alan Calder

CHAPTER 11: CONTEXT, POLICY AND SCOPE

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly