1. Framework FAQs

Which ISO 27001 controls can I put out of scope if I do not have an office?

This article outlines the ISO 27001 controls that can typically be put out of scope if the company does not have an office

The following ISO 27001 controls are usually put out of scope where there is no office:
  • A.7.1 Physical security perimeters
  • A.7.2 Physical entry
  • A.7.3 Securing offices, rooms and facilities
  • A.7.4 Physical security monitoring
  • A.7.5 Protecting against physical and environmental threats
  • A.7.6 Working in secure areas
  • A.7.11 Supporting utilities
  • A.7.12 Cabling security