Scope Information Security Management System (ISMS)

Scope and purpose of the ISMS

The scope of the Information Security Management System (ISMS) defines which entities, services, processes, and information assets of Fellow Digitals are covered by information security and privacy controls. A clearly defined scope ensures that security and privacy measures are applied consistently and proportionately across relevant activities.

ISMS framework and PDCA cycle

Fellow Digitals operates an Information Security Management System (ISMS) based on a risk‑based approach and the Plan–Do–Check–Act (PDCA) cycle. Within this framework, risks are identified and assessed, appropriate measures are implemented, and the effectiveness of those measures is monitored and improved.

Scope of services and activities

The ISMS scope aligns with the development, delivery, and operation of Fellow Digitals’ digital platforms and related services. This includes supporting processes and activities that may impact the confidentiality, integrity, availability, or protection of information. In external communication, the relevant legal entities within the group are collectively referred to as “Fellow Digitals.”

Sector‑specific and regulatory requirements

Where additional regulatory or sector‑specific requirements apply, such as in healthcare contexts, a specific or supplementary scope may be defined. This ensures that those requirements are addressed in a controlled manner within the ISMS framework.

Suppliers and service dependencies

Dependencies on suppliers and service providers that support the delivery of services, such as hosting and outsourced IT services, are taken into account within the ISMS scope. This supports the identification and management of risks related to the service chain.

Statement of Applicability

The ISMS scope is formally established and documented. The Statement of Applicability (SoA) forms an integral part of this documentation and describes which information security and privacy controls are applicable within the defined scope, including any justified exclusions.