IT Services

Scope of ISO 27001 project

Certification Scope:

The provision of managed information systems to Queen Mary University, London, by the IT Services department, in accordance with the Statement of Applicability version 1.0

Scope Diagram:


Scope Use Cases:

System Developer

As a System Developer employed within ITS, my role is to carry out modifications and enhancements to the Student Records System (SITS) using an ITS-managed laptop within Department W.  For my role, the ISMS will mean I need to understand and adhere to the following policies:

  • ISMS information security policy
  • Information security incident management and reporting
  • Configuration and change management
  • Third party assessment and management
  • Information classification
  • Data retention
  • Information transfer
  • Access control
  • Secure development lifecycle
  • Acceptable use policy

 

Supplier Manager

As a Supplier Manager employed within ITS, my role is to assess and procure ITS-related services.  I use an ITS-managed laptop within Department W.  For my role, the ISMS will mean I need to understand and adhere to the following policies:

  • ISMS information security policy
  • Information security incident management and reporting
  • Third party assessment and management
  • Information classification
  • Data retention
  • Information transfer
  • Acceptable use policy

 

HR specialist

As an HR specialist employed by the University but not specifically ITS, my role is to onboard and support members of staff as well as to handle leavers.  I use an ITS-managed laptop within Department W.  If the member of staff belongs to ITS, then I need to understand and adhere to the following policies:

  • Acceptable use
  • Joiners, movers and leavers

I also need to adhere to the memorandum of understanding between ITS and HR.

 

Project manager

As a project manager employed within ITS, my role is to lead internal ITS projects of various sorts.  I use an ITS-managed laptop within Department W.  For my role, the ISMS will mean I need to understand and adhere to the following policies:

  • ISMS information security policy
  • Information security incident management and reporting
  • Configuration and change management
  • Third party assessment and management
  • Information classification
  • Data retention
  • Information transfer
  • Acceptable use policy

 

Receptionist

As a receptionist employed within ITS, my role is to manage the reception desk in Department W.  For my role, the ISMS will mean I need to understand and adhere to the following policies:

  • ISMS information security policy
  • Information security incident management and reporting
  • Information classification
  • Information transfer
  • Physical and environmental security
  • Acceptable use policy

 

 

 
