Guest user Created: May 01, 2019 Last commented: May 01, 2019

Certification process

I have a question about certification process. Our company has 2 offices: one in London (UK) and one in Yerevan (Armenia). The Armenian company is xxx, 100% of stocks are belongs to UK company. Do we need the certification process for both companies, or only for our UK office? The aim is to have whole company certified.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal May 01, 2019

Answer:

The certification coverage will depend on the ISMS scope definition. If it is issued to corporate X, then we need to verify which locations (i.e., addresses) where included. If the address of any subsidiary or affiliated entity is included, then it is covered by the certificate (of course this entity will have to go through all certification process together with the main Corporate X)

Adopting a single certificate for all units or separated ones for each unit is a business decision, depending on their objectives and strategies, but in general organizations like these adopt the model of one certification for each unit, because a change on an unit does not impact the certification of other units.

These articles will provide you further explanation about scope definition:

- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

May 01, 2019

Expert Advice Community