ISO 27001 & ISO 27011 Scoping Questionnaire

Part 1: Client Company Details

Please provide accurate information about your organization.

Official Company Name *

Primary Business Address *

Key Contact Person & Designation *

Email Address *

Phone Number *

Total Number of Employees *

Target Certification Date *

Within 6 Months Within 1 Year Flexible

Regulatory Frameworks Applicable

PH Data Privacy Act (RA 10173) NTC / DICT Guidelines Other:

Interested Services

ISMS Audit ISMS Compliance Package TTx Exercises Employee Cybersecurity Awareness Program Technical Assessment Others:

Part 2: Core ISP Infrastructure Scoping (All Clients)

This section identifies the "Last Mile" and connectivity boundaries of the network.

Bandwidth Model: Do you own an autonomous backbone network, or do you rent wholesale bandwidth from an upstream provider (e.g., PLDT, Globe) and distribute it? *

Own Backbone Wholesale-to-Retail Model

Distribution Scale: Approximately how many residential households/subscribers are currently active on your network? *

Core Network Assets: Please list the count and general locations of your primary distribution hardware (e.g., OLTs, Core Switches, Edge Firewalls): *

Physical Boundaries: Where is your core routing equipment physically housed? *

Co-located Rack space in a shared data center / commercial building Privately owned server room / office Shared cabinet spaces in public utility sites

Network Monitoring: Do you operate a 24/7 Network Operations Center (NOC) or utilize an automated system (e.g., NetFlow, Syslog servers) to monitor traffic and anomalies? *

Yes (Internal NOC) Yes (Automated/Outsourced Monitoring) No

Part 3: Value-Added Services (VAS) Extension Scoping

Please complete this section if the client company offers services beyond standard retail internet delivery.

Web Hosting Services: Do you host websites, databases, or cloud infrastructure for third-party clients? *

Yes No

Point of Sale (POS) Systems: Do you develop, distribute, or manage backend databases for Point of Sale (POS) transaction processing? *

Yes No

Software Development Capabilities: Does your organization build custom software applications or perform internal code modification? *

Yes No

Data Handled: Does the company manage client billing, account provisioning, or customer relationship management (CRM) via integrated ERP suites (e.g., SAP, custom SQL databases)? *

Yes No

Part 4: Supplier & Third-Party Dependencies

Outsourced Staffing: Do external freelancers or contract software developers have remote administrative access to your live network or production repositories? *

Yes No

SLA Management: Are security requirements and uptime performance penalties explicitly included in agreements with your upstream bandwidth and cloud storage vendors? *

Yes No

Part 5: Preliminary Exclusion Check (For Statement of Applicability)

To help us build your initial Statement of Applicability (SoA), please indicate if any of the following fields are strictly outside your business capability.

In-House Software Development: *

Applicable Excluded (We only buy off-the-shelf software)

Physical Control of Data Center Buildings: *

Applicable Excluded (We only rent rack space)

Additional Information

Please provide any additional information that may be relevant to your ISO 27001 certification journey:

ISO 27001 & ISO 27011 Scoping Questionnaire

Part 1: Client Company Details

Part 2: Core ISP Infrastructure Scoping (All Clients)

Part 3: Value-Added Services (VAS) Extension Scoping

Part 4: Supplier & Third-Party Dependencies

Part 5: Preliminary Exclusion Check (For Statement of Applicability)

Additional Information

Why Complete This Questionnaire?

Accurate Scoping

Faster Certification

Cost Efficiency

Tailored Approach