Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Guest

Certification scope

  Quote
Guest
Guest user Created:   Oct 06, 2023 Last commented:   Oct 06, 2023

Certification scope

As we have two entities, one in Site A operating under the supervision of the regulator and 2nd in Site B providing services for the Site A entity, a few things to clarify:

  • Is the setup, documents, actions etc. enough for both entities, or I will have to prepare two different setups?
  • Also do we have to pass an audit to certify both entities or only the regulated body is enough?

In addition to that, the situation now is slightly changed as we have another regulated entity in Site C and I need this to be added in the answer. I need clarification on how to action as we have now in total 3 companies under Company:

Company A - the Site B company that is providing services for the rest of the companies

Company B - the Site A-regulated company

Company C - the Site C-regulated company

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 06, 2023

Regarding certification, you should consult your customers and regulators' requirements (i.e., contracts, laws, and regulations) to identify if they demand all sites to be certified or only specific sites. Based on these requirements, you can define which entities need to be certified. For example, if your customers' contracts only require Site A to be certified, and regulators do not demand certification, then certifying only Site A would be enough. 

Regarding setup, documents, actions, and other elements related to the ISMS, those that are similar can be shared between entities (e.g., document and record control, internal audit, management review, etc.), while those with specific requirements may require separate implementation (e.g., disaster recovery plans). 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 06, 2023

Oct 06, 2023