
Example/sample ISMS scoping statements



Sample 1
The Information Security Management System (ISMS) applies to the provision of
trusted and managed information security services to internal and external
customers of <ORGANIZATION> in accordance with the ISMS Statement of
Applicability, revision xx, dated xx-xxx-xxxx.
Sample 2
As stated in the Information Security Management System (ISMS) Statement of
Applicability, revision xx, dated xx-xxx-xxxx, the ISMS encompasses
<ORGANIZATION>'s Information Technology Division Office, Computer Lab,
Storehouse and Computer Classroom, covering business activities relating to the
provision of operation, maintenance and management of Internet and Web
services and systems.
Sample 3
The provision of e-Business solutions that are fully integrated to deliver the
complete process and management of e-Business components including:
workflows; contacts; e-mail; bulletin boards; news; events; traffic analysis and
audits on a secure hosted platform, 24 hours a day, 365 days a year, as per the
Statement of Applicability approved by senior management on xx-XXX-xxxx.


Note: be aware that if you narrow the scope of your ISMS, you are also going to:
(a) Reduce the implementation costs to some degree, although you will still
need to implement a comprehensive management system to be certified
compliant to ISO/IEC 27001;
(b) Reduce the business benefits compared to a more broadly-scoped ISMS;
and
(c) Have to define security interfaces for information flows and processes that
span or extend beyond the in-scope area to the remainder, since
everything outside the scoped area is relatively untrustworthy.
