
ISMS scope

Definition

The explicit boundaries of the management system: which organisational units, sites, processes, and information assets are covered. The scope is defined under ISO/IEC 27001 clause 4.3 and must be documented. It determines which risks must be assessed and which controls apply.

Related terms

Annex A
The normative annex to ISO/IEC 27001 that lists 93 information security controls across four themes: organisational (37 controls), people (8), physical (14),...
Continual improvement
The ISO/IEC 27001 requirement (clause 10) that the organisation must actively improve the suitability, adequacy, and effectiveness of the ISMS over time....
Management review
The annual governance meeting required under ISO 17025 Clause 8.9, at which laboratory management reviews the aggregated quality performance data (PT results,...
Risk treatment plan
A document that records, for each identified risk, the chosen treatment option (accept, avoid, transfer, or reduce), the specific controls selected to...
Statement of Applicability (SoA)
A mandatory document listing every ISO/IEC 27001 Annex A control with a statement of whether it is included or excluded, the justification...

Explained in

  • Designing and Implementing an ISMS: The explicit boundaries of the management system: which organisational units, sites, processes, and information assets are covered. Defined under ISO/IEC 27001...
