ISMS Scope Statement Template
Document Control
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | [DATE] | [NAME] | Initial version |
1. Organization Overview
Organization Name: [Your Company]
Business Description: [Brief description of what your organization does]
Industry Sector: [e.g., Technology, Healthcare, Finance]
2. ISMS Scope Definition
2.1 Organizational Scope
The ISMS applies to the following organizational units:
- [Department/Business Unit 1]
- [Department/Business Unit 2]
- [Department/Business Unit 3]
2.2 Physical Locations
| Location | Address | Type | In Scope |
|---|---|---|---|
| HQ | [Address] | Office | Yes |
| DC1 | [Address] | Data Center | Yes |
| Remote | Various | Home Office | Yes |
2.3 Information Systems
| System | Description | In Scope |
|---|---|---|
| [System 1] | [Description] | Yes |
| [System 2] | [Description] | Yes |
2.4 Processes
The following processes are within scope:
- [Process 1]
- [Process 2]
- [Process 3]
3. Exclusions
| Excluded Item | Justification |
|---|---|
| [Item] | [Reason] |
4. Interfaces and Dependencies
| External Party | Interface | Data Exchanged |
|---|---|---|
| [Party] | [API/Network] | [Data type] |
5. Scope Statement
[Organization Name]'s ISMS scope encompasses all information processing activities related to [core business function] at [locations], including [key systems] supporting [X] employees and [Y] customers.
Approval
| Role | Name | Signature | Date |
|---|---|---|---|
| ISMS Owner | |||
| Management Rep |
Next Lesson: Leadership requirements for your ISMS.