The majority of our finance, HR and other major departments are managed by our parent company, but our sister company wants to become ISO 27001 certified. How do we manage the certification process? Please note that we will require access to the HR and finance departments, for instance. Additionally, we are headquartered in site A and have a branch in site B, but we wish to obtain certification only for site A. How are we going to treat our employees in site B and under which category should we put this?