Guest user Created: Nov 14, 2018 Last commented: Nov 14, 2018

Certification scope

Our company offers multiple services such as hosting/implementing a Learning and Management System, a marketing service, staffing, etc. If we wanted to get certified against ISO 27001, can we get certified separately for each of those services or must the company be certified for all its services as a whole? If we can do it separately, is that a normal or advisable way to approach certification since many processes, procedures, and people are so intertwined in most of the services offered?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Nov 14, 2018

Answer:

You can limit your certification scope according to your needs, but you have to evaluate if the administrative effort to have a separated scope is worthy. In most cases, for small and medium business, or in cases where keeping a separated scope is too complex, the best approach is to certify all the services or the organization as a whole.

These articles will provide you further explanation about defining scope:
- How to define the I SMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Nov 14, 2018

Expert Advice Community