+31 (0)73 220 2000 | info@brandcompliance.com

Describing the scope of certification: tips and examples

Are you about to start a certification process? Then the scope of certification must be described carefully. The scope defines which activities, products, services and locations are included in the certification. The scope description must be clear, complete and not misleading. Anything outside the scope of certification is not assessed as part of the certification audit. Would you like to know how a certification process starts at Brand Compliance? Read the certification process step by step.

What is a scope?

A scope describes the nature, extent and boundaries of the certification. It is a textual description of the activities, processes, products or services of the organization that fall within the scope of certification. A scope description makes clear which part of the organization has been assessed and certified. A well-defined scope provides clarity, direction and focus. Formulate the scope in such a way that a third party immediately understands what the certificate has been issued for. The scope should make clear which activities, processes, products or services meet the relevant standard.

The management system to be certified is established on the basis of a predefined scope. The scope of certification is determined during the application for certification. Based on the scope description, Brand Compliance can assess whether the application falls within the scope of its accreditation and whether a proposal can be prepared.

Supporting processes

It is not always necessary to explicitly mention supporting processes in the scope description when they do not have a prominent role within the scope of certification. Examples include marketing, HR and purchasing. This does not mean that these processes are automatically outside the certification. If a supporting process directly affects the primary process, the service or the product delivered to the client, it may be relevant to the scope of certification. Focus the scope description on the activities, processes, products or services that directly relate to what the organization delivers and what is controlled within the management system.

Tips for a clear scope description

When describing the scope, it is important that the wording is factual, clear and not commercial. The following points can help you formulate a clear scope description:

  • Clearly define what is included in the scope of certification and what is not.
  • Describe activities, processes, products or services in concrete terms.
  • Limit the use of abbreviations.
  • Avoid ambiguous or misleading wording.
  • Do not use subjective or commercial claims, such as “high-quality”, “innovative” or “market leader”.
  • Use verbs to make clear what the organization does.

For example:

“Selling and repairing cars.”

Instead of:

“Car dealer.”

Where several activities are included, it is useful to apply a clear structure. This helps prevent the scope from being interpreted in a misleading or ambiguous way. In such cases, the scope can be structured with bullet points, for example:

“Information security related to:

  • developing, implementing and managing software;
  • providing management and support services;
  • managing client data within the agreed service delivery.”

Scope description for an ISMS

For an ISMS, an information security management system, the scope description is particularly important. The scope makes clear which information, processes, systems, locations and services the information security management system applies to.

Examples of a scope description for ISO 27001 certification are:

“Information security related to developing, implementing and managing software for storing, retaining and processing medical data in support of occupational health services, including the management of databases and servers in an external data center within the EU.”

“Information security related to advising, designing, developing, integrating, maintaining and operating mobile applications and web applications for processing personal health information and providing associated external hosting services.”

Scope description for NEN 7510

For NEN 7510 certification, the scope of certification must make clear which activities, products or services relate to the management of personal health information. Where parts of the management of personal health information have been outsourced, this must be clear from the scope description. The relationship with the applicable controls from the organization’s Statement of Applicability should also be clear.

An example of a scope description is:

“Information security related to setting up, configuring and managing IT environments for office automation in which personal health information may be processed, where application management and storage of personal health information are partly outsourced.”

Scope and the certification audit

The scope description plays a role in the preparation and performance of the certification audit. During the stage 1 audit, the auditor assesses, among other things, whether the management system is sufficiently prepared and whether the scope of certification has been clearly described. A clear scope helps define the boundaries of the audit and prevents uncertainty about which activities, locations, processes or services are included in the certification.

Conclusion

A clear scope description shows which part of the organization is included in the certification. The description should be factual, concrete and not misleading. Avoid commercial wording and describe what the organization does, for whom, where and within which boundaries.

Updated on 3 July 2026
Accreditation

RvA C548

Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701, NEN 7510 and ISO 9001 technical area 33 information technology and 35 other services.
