Defining your ISMS scope

Defining your Scope
Correctly scoping a project is a crucial first step in any initiative.

ParkinsonHowe will review how security has been implemented in the organisation to determine what requirements are needed to provide a resilient environment in which to operate. We will review the following:

  • What is determined as critical information;
  • What controls are currently in place;
  • What controls are being implemented;
  • Whether customer contracts or service levels have been included in your security requirements;
  • What the timescales are for implementing the security scope.

Once the above has been conducted it is vital to determine a workable and realistic scope.

All services and operations conducted from all offices and locations within the UK
This is not necessarily the scope for compliance or certification. An organisation may determine that all offices, locations and departments should have a business continuity plan.

However, for compliance or certification a reduced scope may well be documented. Some examples are as follows:

  • The provision of business continuity & information security management services in relation to the management and administration of business continuity services
  • The provision of design, implementation and support services for IT infrastructure