Scribd Logo
Upload

Welcome to Scribd!

  • 374 views

    Isms Scope Document: Change History

    Uploaded by

    Ahmad Nawaz
    This document defines the scope of Touchstone's Information Security Management System (ISMS). The ISMS scope includes all organizational processes, services, units, and locations. The only exclusions are private devices, temporary students, and third-party cloud infrastructure. The document was created by Ahmad Nawaz, approved by him, and is valid as of January 1, 2022. It will be reviewed at least every 6 months by the head of compliance.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Isms Scope Document: Change History

    Uploaded by

    Ahmad Nawaz
    374 views2 pages
    This document defines the scope of Touchstone's Information Security Management System (ISMS). The ISMS scope includes all organizational processes, services, units, and locations. The only exclusions are private devices, temporary students, and third-party cloud infrastructure. The document was created by Ahmad Nawaz, approved by him, and is valid as of January 1, 2022. It will be reviewed at least every 6 months by the head of compliance.

    Original Title

    ISMS SCOPE DOCUMENT

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document defines the scope of Touchstone's Information Security Management System (ISMS). The ISMS scope includes all organizational processes, services, units, and locations. The only exclusions are private devices, temporary students, and third-party cloud infrastructure. The document was created by Ahmad Nawaz, approved by him, and is valid as of January 1, 2022. It will be reviewed at least every 6 months by the head of compliance.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    374 views2 pages

    Isms Scope Document: Change History

    Uploaded by

    Ahmad Nawaz
    This document defines the scope of Touchstone's Information Security Management System (ISMS). The ISMS scope includes all organizational processes, services, units, and locations. The only exclusions are private devices, temporary students, and third-party cloud infrastructure. The document was created by Ahmad Nawaz, approved by him, and is valid as of January 1, 2022. It will be reviewed at least every 6 months by the head of compliance.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    You are on page 1of 2

    ISMS SCOPE DOCUMENT

    Created by: Ahmad Nawaz


    Approved
    Ahmad Nawaz
    by:

    Change history
    Date Version Created by Description of change
    January 1, Ahmad
    V0.1 New status: in progress. Comment: /
    2022 Nawaz
    January 1, Ahmad
    V0.1 New status: in approval. Comment: /
    2022 Nawaz
    January 1, Ahmad
    V1 New status: approved. Comment: /
    2022 Nawaz
    1. Purpose, scope and users
    The purpose of this document is to clearly define the boundaries of the Information Security
    Management System (ISMS) in Touchstone.

    This document is applied to all documentation and activities within the ISMS.

    Users of this document are members of Touchstone management, members of the project team
    implementing the ISMS, and 

    employees in the IT department, employees in the Security department / all employees

    2. Reference documents
     ISO/IEC 27001 standard, clause 4.3
     Register of legal, contractual and other requirements

    3. Definition of ISMS scope


    The organization needs to define the boundaries of its ISMS in order to decide which information it
    wants to protect. Such information will need to be protected regardless of whether it is additionally
    stored, processed, or transferred in or out of the ISMS scope. The fact that some information is
    available outside of the scope doesn't mean the security measures won't apply to it – this only
    means that the responsibility for applying the security measures will be transferred to a third party
    who manages that information.

    Taking into account the legal, regulatory, contractual, and other requirements, the ISMS scope is
    defined as specified in the following items:

    3.1. Processes and services


    The following processes and services are included in the scope:

     All organizational processes and services


     Strategic planning
     Marketing
     Development of products and services
     Providing services
     Producing products
     Delivery of products and services
     Customer management service
     Information technology processes
     Purchase processes
     Human resource processes
     Financial processes

    3.2. Organizational units

    The following organizational units are included in the scope:

     All organizational units are part of the ISMS scope


     Finance department
     HR department
     Production department

    3.3. Locations

    The following locations are included in the scope:

     All of the organization’s locations are part of the ISMS scope


     Headquarters at address <write full address>
     Branch office at address <write full address>

    3.4. Exclusions from the scope

     There will be no exclusions from the ISMS scope


     Private mobile phones and laptops
     Students working on a temporary basis
     Physical infrastructure of the third-party cloud services

    4. Validity and document management


    This document is valid as of January 1, 2022.

    The owner of this document is the head of compliance, who must check and, if necessary, update
    the document at least every 6 months.

    You might also like