Clause – 1
Scope
Clause 1 of ISO/IEC 27001:2022 defines the standard’s scope. It states that the standard specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
The goal of an ISMS is to safeguard the confidentiality, integrity, and availability of information by applying risk management procedures. The scope applies to all organisations, regardless of size, type, or nature, that aim to create an ISMS to safeguard their information assets.
The clause also states that the standard contains criteria for assessing and treating information security risks that are tailored to the organisation’s needs.