To define the ISMS scope, follow these steps:

1. Decide if your whole company will be included in the ISMS scope, or only a part of the company.
2. If only a part of the company is included, take into account the security requirements for setting the ISMS scope.
3. If only a part of the company is included, consider the internal context, such as where the most sensitive information is processed.
4. If only a part of the company is included, assess if the scope is feasible in terms of departments, physical locations, and processes by analyzing dependencies and interfaces.
5. Define what should be excluded from the ISMS scope.
6. Write the ISMS Scope document.