ISO/SOC ISMS Scope and Risk Assessment Scoping Questionnaire

Primary Contact

Signatory Contact

Explain the organization’s timeline for the following milestones (please provide goal dates).

Scope of Certification

The scope of the certification is a descriptive statement that defines the boundaries of the Information Security Management System.
N/A, example for reference: The organization has categorized its office network and supporting systems, which are located in LOCATION, as a general support system (GSS) because it is an interconnected set of information resources that is under the same direct management control, shares common functionality, and provides necessary IT infrastructure support. The organization has categorized its GSS as LOW according to Federal Information Processing Standard (FIPS) 199 categorization standards. Even though this system is of low criticality, it requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, unauthorized access to, or modification of, the information in the application.
N/A, example for reference: The organization’s GSS is an information system that supports the general operations of the organization at its locations. It consists of a site-to-site WAN. The GSS systems are hosted in the local data center. The LANs are protected by firewalls and best practice network configuration. Best practice domain and application security protect the GSS systems. Endpoints are patched and run endpoint protection.

Please enter additional required information (best estimate within the scope of the ISMS and Certification)

Infrastructure Inventory

Please provide a high-level description of the significant systems and application(s) that are considered to be within the scope of the SOC examination (optional).




IDS/IPS Device

VPN Concentrators

Proxy Servers

Directory Servers

Virtualization Management (Hypervisors)

Web Servers

Application Servers

Storage Servers/Databases/Appliances

Centralized Log Management Server

Workstations with access to in scope environment

In-Scope Application #1

In-Scope Application #2

