Is a shared workspace in Scope of ISO27001

Tim Larkman

many organisation these days dont have an office or a Data Center ect. They are fully remote, but they do sometime collaborate at a dedicated shared office space. We have key cards to a specific room in the shared office space building. Would this shared office space be in scope of ISO27001:2022? For example, there is a reference to office locations in the BCP and in the Scope of the ISMS.


1 comment

  • Comment author
    Shannon Idea generator Vanta Team Member Conversation starter
    • Official comment

    Hi Tim Larkman! Apologies for the delayed response here; When deciding to include shared office space in ISO 27001:2022, the scope depends on its importance for your organization's information security. For remote-based companies, there is also the potential to include virtual sites in scope. If a location or the team based there is critical to the business and/or is vital to your ISMS, consider including it. Be sure to work with all relevant stakeholders in your organization to ensure the decision aligns with your security goals. If you're still unsure, work directly with your auditor on what will be the best course of action for your team.

Please sign in to leave a comment.