How to implement ISO 27001 Clause 4.3 Determine Scope Of The Information Security Management System

In this tutorial video I show you how to implement ISO 27001 Determining Scope Of The Information Security Management System and pass the audit.
Resources and Links
____________________________________________
► Download the Ultimate ISO 27001 Toolkit: hightable.io/product/iso-2700...
► Read the blog that accompanies the video: hightable.io/iso-27001-clause...
____________________________________________
This step-by-step tutorial walks you through how to implement it, how to pass the audit, the common mistakes people make and what an auditor will look for.
The ISO 27001 standard was updated in 2022 with changes to ISO 27001 Determining Scope Of The Information Security Management System, and this video covers the ISO 27001:2022 updated changes to Clause 4.3 and exactly what you need to do.
ISO 27001 Clause 4.3
Determining the ISO 27001 scope is one of the most important steps in implementing ISO 27001 for certification. It sets out the scope statement that will appear on your ISO 27001 certificate and it defines the boundaries of what your information security management system (ISMS) will cover, and what it won't cover. Getting this wrong can cost you a lot of time and money.
Chapters
00:00 Introduction
00:42 Determine ISO 27001 Scope Blog
01:16 How to determine ISO 27001 Scope
01:47 Why we narrow the scope
02:42 The way we go about it
03:24 The purpose of this ISO 27001 Clause 4.3
03:47 The definition of ISO 27001 Clause 4.3
05:30 The requirement of ISO 27001 Clause 4.3
06:00 ISO 27001 Clause 4.3 Templates
06:48 The steps to define ISO 27001 scope
08:09 The documentation required
10:16 Example ISO 27001 Scope Statement
11:20 How to pass an audit of ISO 27001 Clause 4.3
11:32 3 Things an Auditor will check
12:38 3 Mistakes that people make
14:04 Who is responsible for ISO 27001 Clause 4.3
14:38 Conclusion
How to implement ISO 27001 Clause 4.3
To implement the scope you first need to agree on your ISO 27001 Scope Statement.
The scope statement appears on the ISO 27001 certificate and is what the external auditor will audit you against.
To work out what your ISO 27001 scope statement is, you will consider the products and services you deliver and identify which ones you need certification for.
In addition, you will look at your customer contracts and understand your customer requirements for certification. What are you being asked for? Which contract for which service relies on you having ISO 27001 certification?
Once you have agreed your ISO 27001 scope statement, you will then define the boundaries of the information security management system (ISMS). To do this, you will document everything that you have and then document what is in scope and what is out of scope across your:
- people
- premises
- technology
- systems
- networks
- suppliers
SUBSCRIBE / @stuartbarker