Scope Extension – ISO 27001

man standing cyber security

Scope Extension

Many organisations start small with ISO 27001 by only including specific areas in the scope of the management system.  However, business needs, external commercial factors and ever-evolving security threats often lead to a requirement to extend the scope of the ISMS to cover other areas of the business. Scope extension is a common requirement which we can help businesses achieve as part of the requirement for ISO 27001.

How scope extension can benefit your company

An ISO 27001-compliant ISMS is inherently scalable, and allows you the flexibility to extend the scope of your ISMS to meet changing information security needs. If over time your company expands or changes, you can extend the scope when needed to cover new locations for your business, different divisions or business functions.

man working on laptop security department
planning isms

Our approach to scope extension

Each scope extension is a small project in its own right. The context and objectives of your ISMS may need to be adjusted to reflect the amended scope, additional interested parties will emerge, and the new risks need to be assessed and treated.  Additional areas of the business may also need to be engaged with training and awareness. Our ISO 27001 consultants will work with you to plan and execute your scope extension!

Why Trust Us?

  • CS Risk Management is an award-winning security consultancy with a strong track record of successful ISO 27001 certifications
  • A decade of experience of end to end implementation of ISO27001 for companies of varying sizes from mid-sized organisations through to FTSE 100 corporates
  • Experienced consultants with certifications such as CISSP, CISM and ISO27001 Lead Implementer
cs risk management logo

Chat to a consultant.