We've got into Conformio and I just ran into a question that I need clarification on. XXX is a 100% remote company, meaning we have no physical buildings and everyone works from home. I've been discussing with assessors and was just told that you cannot do ISO 27001 if you do not have a physical headquarters building. I need to know from the folks who know the answer. Can we do a ISO 27001 certification if we do not have a building?
In terms of certification you can state as location (company's headquarters) the home address of the founder / CEO of the company or the address of the office where the people accountable for the company can be found (you should ask the certification body what their preference would be in such situation). You can present this address as company's address and all other locations can be considered remote locations and can be audited accordingly.