Tools for conforming to standards, goals and processes
Clause 4.3: Determining the scope of the information security management system
An organization’s “scope” explains what the organization does. When the organization considers “risk”, it should consult clauses 4.1, 4.2, and 4.3.nYour ‘scope’ describes the activities you carry out that will be included in your ISMS.