Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Certification process of sister company

  Quote
Guest
Guest user Created:   Sep 13, 2022 Last commented:   Sep 13, 2022

Certification process of sister company

The majority of our finance, HR and other major departments are managed by our parent company, but our sister company wants to become ISO 27001 certified. How do we manage the certification process? Please note that we will require access to the HR and finance departments, for instance. Additionally, we are headquartered in site A and have a branch in site B, but we wish to obtain certification only for site A. How are we going to treat our employees in site B and under which category should we put this?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 13, 2022

If I understood correctly, the scenario involves a parent company X, at least two sister companies Y and A, and company A has a branch company B.

 

                                                            X (parent)

                               Y(sister)                                               A(sister)

                                                                                               B(branch)

 

In this situation you should consider only Site A as the scope for the certification process, leaving the departments from the parent company, and the branch in site B, as third parties which interact with your certification scope.  

This way your certification process will be restricted to Site A, and required security controls related to departments from the parent company, and related to the branch company, will be handled through security clauses in contracts and/or service agreements you will establish with them.

This article will provide you with further explanation about the certification process:

This material will also help you regarding the Information Security Management System scope definition:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 13, 2022

Sep 13, 2022

Suggested Topics

Guest user Created:   Oct 24, 2023 ISO 27001 & 22301
Replies: 1
0 0

22301 certification

Guest user Created:   Oct 06, 2023 ISO 27001 & 22301
Replies: 1
0 0

Certification scope