‘The ISMS covers all departments within Company XYZ that have access to customers’ data. The purpose of the ISMS is to ensure the confidentiality, integrity, and availability of customers’ data, and ensure compliance with the applicable regulatory requirements regarding information security."
What does this statement describe?
A . The information systems boundary of the ISMS scope
B . The organizational boundaries of the ISMS scope
C . The physical boundary of the ISMS scope
Answer: B
Explanation:
The statement describes the organizational boundaries of the ISMS scope, which define which parts of the organization are included or excluded from the ISMS. The organizational boundaries can be based on criteria such as departments, functions, processes, activities, or locations. In this case, the statement specifies that the ISMS covers all departments within Company XYZ that have access to customers’ data, and excludes the ones that do not. The statement also explains the purpose of the ISMS, which is to ensure the confidentiality, integrity, and availability of customers’ data, and ensure compliance with the applicable regulatory requirements regarding information security.
The statement does not describe the information systems boundary of the ISMS scope, which defines which information systems are included or excluded from the ISMS. The information systems boundary can be based on criteria such as hardware, software, networks, databases, or applications. The statement does not mention any specific information systems that are covered by the ISMS.
The statement also does not describe the physical boundary of the ISMS scope, which defines which physical locations are included or excluded from the ISMS. The physical boundary can be based on criteria such as buildings, rooms, cabinets, or devices. The statement does not mention any specific physical locations that are covered by the ISMS.
Reference: ISO/IEC 27001:2013, clause 4.3: Determining the scope of the information security management system
ISO/IEC 27001 Lead Implementer Course, Module 4: Planning the ISMS based on ISO/IEC 27001
ISO/IEC 27001 Lead Implementer Course, Module 6: Implementing the ISMS based on ISO/IEC 27001
ISO/IEC 27001 Lead Implementer Course, Module 7: Performance evaluation, monitoring and measurement of the ISMS based on ISO/IEC 27001
ISO/IEC 27001 Lead Implementer Course, Module 8: Continual improvement of the ISMS based on ISO/IEC 27001
ISO/IEC 27001 Lead Implementer Course, Module 9: Preparing for the ISMS certification audit
ISO/IEC 27001 scope statement | How to set the scope of your ISMS – Advisera1
How to Write an ISO 27001 Scope Statement (+3 Examples) – Compleye2
How To Use an Information Flow Map to Determine Scope of Your ISMS3
ISMS SCOPE DOCUMENT – Resolver4
Define the Scope and Objectives – ISMS Info5
Latest ISO-IEC-27001 Lead Implementer Dumps Valid Version with 50 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund