Chat with Experta

User
Who should be in charge of defining the ISMS scope?
Experta
In smaller companies, it is usually a person who is in charge of the ISO 27001 implementation (e.g., a Security officer) that writes the draft of the ISMS scope document. However, it is the top management that needs to approve the ISMS scope since this scope needs to be aligned with the expectations of the top management about what it wants to achieve with this implementation.