Can ISO 27001:2013 be certified against multiple legal entities?
We have multiple companies (different legal entities) operating from the same location under a single owner. We would like to implement ISO 27001:2013 for all the different legal entities. All entities are under the same line of business.
I would like to know whether we can implement ISO 27001:2013 for multiple companies under a single scope, so that we can undergo certification as a single unit.
Let me know if you need more information.
It is possible to have a single certification for multiple companies, provided that the ISMS scope covers elements of all companies (e.g., processes, information, and/or locations). Of course, all entities will have to go through the entire certification process together.
Adopting a single certificate for all entities or separate ones for each entity is a business decision, depending on their objectives and strategies, but in general, organizations adopt the model of one certification for each entity, because a change in an entity does not impact the certification of other entities.
These articles will provide you with further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
This article will provide an additional explanation about single certification for multiple entities (although it is about ISO 9001, the same concept applies to ISO 27001):
- Certifying different legal entities under one certification scope in ISO 9001 https://advisera.com/9001academy/blog/2018/03/27/certifying-different-legal-entities-under-one-certification-scope-in-iso-9001/
These articles will provide you with further explanation about implementing ISO 27001:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How long does it take to implement ISO 27001 / BS 25999? https://advisera.com/27001academy/blog/2011/11/08/how-long-does-it-take-to-implement-iso-27001-bs-25999/ - this is the timing that is needed for companies that use our toolkits
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Free online training ISO 27001 Foundations Course http://training.advisera.com/course/iso-27001-foundations-course/
To see what the documents used to implement ISO 27001 look like, please take a look at the free demo templates of our ISO 27001 Implementation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
Jan 07, 2021