ISO 27001 certification for a group of companies
Assign topic to the user
It is possible to have a single certification for your organization and its subsidiaries, but please note that implementing a certification in multiple geographic locations is a complex, and more expensive, task and you should go for it only if it is really necessary for business strategies and objectives. Instead, you should consider the prioritization of locations and implementing the certification one location at a time. Additionally, with multiple certifications, in case one location has some problem with fulfilling requirements, this will not affect the certification of other sites.
These articles will provide you a further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
This article will provide an additional explanation about single certification for multiples entities (although it is about ISO 9001, the same concept applies to ISO 27001):
- Certifying different legal entities under one certification scope in ISO 9001 https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/
This material may also help:
- ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Jan 27, 2021