We have multiple companies (different legal entities) operating from the same location under a single owner. We would like to implement ISO 27001:2013 for all the different legal entities. All entities are in the same line of business.
I would like to know whether we can implement ISO 27001:2013 for multiple companies under a single scope, so that we can undergo certification as a single unit.
Let me know if you need more information.
It is possible to have a single certification for multiple companies, provided that the ISMS scope covers elements of all companies (e.g., processes, information, and/or locations). Of course, all entities will have to go through the whole certification process together.
Adopting a single certificate for all entities or separate ones for each entity is a business decision, depending on their objectives and strategies, but in general, organizations adopt the model of one certification for each entity, because a change in an entity does not impact the certification of other entities.
These articles will provide you with further explanation about scope definition: