ISO 27001 Clause 4.3 Determining The Scope Of The ISMS

ISO 27001

ISO 27001 Clause 4.3 Determining The Scope Of The ISMS is an ISO 27001 clause and a requirement of ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems to get ISO 27001 certification.

What is ISO 27001 Clause 4.3?

The organisation shall determine the boundaries and applicability of the information security management system to establish its scope.
When determining this scope, the organisation shall consider:
a) the external and internal issues referred to in ISO 27001 Clause 4.1 Understanding The Organisation And Its Context
b) the requirements referred to in ISO 27001 Clause 4.2 Understanding The Needs And Expectations Of Interested Parties
c) interfaces and dependencies between activities performed by the organisation, and those that are performed by other organisations.

ISO 27001:2022 Clause 4.3 Determining The Scope Of The Information Security Management System