Skip to main content

ISMS Scope

Scope Statement

The Core 12 ISMS protects the confidentiality, integrity, and availability of information in all forms: written, spoken, electronically recorded, printed, transmitted, processed, stored, or disposed.

The ISMS applies to:

  • Core 12, LLC entities and workers, including employees, contractors, interns, and other involved persons.
  • Core 12 offices, remote work locations, and business continuity arrangements.
  • Managed devices, unmanaged devices used for Core 12 work, cloud services, file storage, repositories, web applications, websites, marketing platforms, and internal IT services.
  • Client projects, client digital projects, client data, project documentation, project assets, company data, HR data, financial data, and internal operational records.
  • Third-party vendors and IT services that access, process, store, transmit, or support Core 12 or client information.

Involved Persons

Every worker at Core 12, LLC, no matter their status, is an involved person. This includes employees, contractors, interns, and any user of a system in the Core 12 environment.

Involved Systems

Involved systems include all computer equipment, network systems, platforms, applications, repositories, cloud services, websites, web applications, managed devices, unmanaged devices used for Core 12 work, and data contained on those systems.

Current Exclusions

No permanent exclusions are approved in this initial restructure. Any proposed exclusion must be documented in core12-isms-management as a risk or management decision, approved by the Information Security Officer and leadership, and referenced from this page.

Required Register Coverage

Every in-scope asset, service, vendor, application, website, person, license, certification, security incident, and risk must be represented in core12-isms-management or explicitly accepted as a gap during migration.