Our company offers multiple services such as hosting/implementing a Learning and Management System, a marketing service, staffing, etc. If we wanted to get certified against ISO 27001, can we get certified separately for each of those services or must the company be certified for all its services as a whole? If we can do it separately, is that a normal or advisable way to approach certification since many processes, procedures, and people are so intertwined in most of the services offered?
You can limit your certification scope according to your needs, but you have to evaluate whether the administrative effort of having a separate scope is worth it. In most cases, for small and medium businesses, or in cases where keeping a separate scope is too complex, the best approach is to certify all the services or the organization as a whole.