Scope
The scope of your audit refers to the boundaries for the assessment. It requires organizations to identify the people, locations, policies and procedures, and technologies that interact with, or could otherwise impact, the security of the information being protected.