


Created by: Cristian Cim
Approved by: Cristian Cim

Change history

Date | Version | Created by | Description of change
September 29, 2022 | V0.1 | Cristian Cim | New status: in progress. Comment: /
September 29, 2022 | V0.1 | Cristian Cim | New status: in approval. Comment: /
September 29, 2022 | V1 | Cristian Cim | New status: approved. Comment: /

1. Purpose, scope and users

The purpose of this document is to clearly define the boundaries of the Information Security Management
System (ISMS) in Millenium.

This document is applied to all documentation and activities within the ISMS.

Users of this document are members of Millenium management, members of the project team implementing
the ISMS, and employees in the IT department, employees in the Security department / all employees.

2. Reference documents

• ISO/IEC 27001 standard, clause 4.3

• Project Plan
• Register of legal, contractual and other requirements

3. Definition of ISMS scope

The organization needs to define the boundaries of its ISMS in order to decide which information it wants to
protect. Such information will need to be protected regardless of whether it is additionally stored, processed,
or transferred in or out of the ISMS scope. The fact that some information is available outside of the scope
doesn't mean the security measures won't apply to it – this only means that the responsibility for applying
the security measures will be transferred to a third party who manages that information.

Taking into account the legal, regulatory, contractual, and other requirements, the ISMS scope is defined as
specified in the following items:

3.1. Processes and services

The following processes and services are included in the scope:

• All organizational processes and services

• Strategic planning
• Marketing
• Development of products and services
• Providing services
• Producing products
• Delivery of products and services
• Customer management service
• Information technology processes
• Purchase processes
• Human resource processes
• Financial processes

3.2. Organizational units

The following organizational units are included in the scope:

• All organizational units are part of the ISMS scope

• Finance department
• HR department
• Production department

3.3. Locations

The following locations are included in the scope:

• All of the organization’s locations are part of the ISMS scope

• Headquarters at address <write full address>
• Branch office at address <write full address>

3.4. Exclusions from the scope

• There will be no exclusions from the ISMS scope

• Home offices of remote workers
• Private mobile phones and laptops
• Students working on a temporary basis
• Physical infrastructure of the third-party cloud services

4. Validity and document management

This document is valid as of September 29, 2022.

The owner of this document is the CISO, who must check and, if necessary, update the document at least
every 6 months.
