Expert Advice Community

Certification

Guest user Created:   May 18, 2023 Last commented:   May 18, 2023

Dear Dejan,

I have been following you and Advisera for a couple of months and I really like the content you provide.
I am now in the process of preparing my first customer for ISO 27k certification, but the legal side of things with the certification is not quite clear to me.

Would you please be so kind and give me your professional opinion on this? Would Conformio also help me with the process in this case?

Let me give you a brief overview of the situation and you will know what I mean right away:

There is company A (consists of 15 people), based in the EU, which develops software, provides support, makes proprietary hardware for the software they make, etc.
Then there is company B (consists of 2 people), based outside the EU, which owns the copyrights to this software, tells company A what to do and what to develop, and is also written on every contract when they sell this software.
The customer wants this software to be ISO 27k certified. Company B has no other legal connection with Company A; they are not like parent/daughter companies.

My question is, which company is going to be certified? Do they need to be both certified, separately?

Expert
Rhand Leal May 18, 2023

First, it is important to note that the software is not certifiable against ISO 27001. What can be certified are departments or whole companies.

You can certify either company A, or B, or both of them. Since this certification is driven by customer demand, it would be best to ask the customer which company they would prefer to be certified. If the customer does not have a preference, it would be more logical to go for company B.

Regarding Conformio, it can be used to implement and maintain your Information Security Management System, no matter if you choose to go with company A or B. It is designed to be used by smaller companies.

For further information, see:
