Scope of ISO 27001 project
Certification Scope:
The provision of managed information systems to Queen Mary University, London, by the IT Services department, in accordance with the Statement of Applicability version 1.0
Scope Diagram:
Scope Use Cases:
System Developer
As a System Developer employed within ITS, my role is to carry out modifications and enhancements to the Student Records System (SITS) using an ITS-managed laptop within Department W. For my role, the ISMS will mean I need to understand and adhere to the following policies:
- ISMS information security policy
- Information security incident management and reporting
- Configuration and change management
- Third party assessment and management
- Information classification
- Data retention
- Information transfer
- Access control
- Secure development lifecycle
- Acceptable use policy
Supplier Manager
As a Supplier Manager employed within ITS, my role is to assess and procure ITS-related services. I use an ITS-managed laptop within Department W. For my role, the ISMS will mean I need to understand and adhere to the following policies:
- ISMS information security policy
- Information security incident management and reporting
- Third party assessment and management
- Information classification
- Data retention
- Information transfer
- Acceptable use policy
HR specialist
As an HR specialist employed by the University but not specifically ITS, my role is to onboard and support members of staff as well as to handle leavers. I use an ITS-managed laptop within Department W. If the member of staff belongs to ITS, then I need to understand and adhere to the following policies:
- Acceptable use
- Joiners, movers and leavers
I also need to adhere to the memorandum of understanding between ITS and HR.
Project manager
As a project manager employed within ITS, my role is to lead internal ITS projects of various sorts. I use an ITS-managed laptop within Department W. For my role, the ISMS will mean I need to understand and adhere to the following policies:
- ISMS information security policy
- Information security incident management and reporting
- Configuration and change management
- Third party assessment and management
- Information classification
- Data retention
- Information transfer
- Acceptable use policy
Receptionist
As a receptionist employed within ITS, my role is to manage the reception desk in Department W. For my role, the ISMS will mean I need to understand and adhere to the following policies:
- ISMS information security policy
- Information security incident management and reporting
- Information classification
- Information transfer
- Physical and environmental security
- Acceptable use policy