Guest user Created: Jul 28, 2018 Last commented: Jul 28, 2018

Changes in scope

We are a company based in XXXX and we are looking into possibilities of also opening an office space in XXXX and XXXX. My question is if this will affect our ISO scope. Do we have to include these other offices in our scope,or is it possible to only certify the company based in XXX?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jul 28, 2018

Answer: Yes, it is possible to certify your company only for the first office without expanding the scope of ISO certification; however be aware that in such case the other offices will be treated as third parties, which could complicate your operations. Such solutions are better for larger companies, whereas for smaller companies we recommend that you include your whole company (i.e. all of your offices) in the scope.

This article will provide more information:
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 28, 2018

Expert Advice Community

Changes in scope

Changes in scope

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Identifying the changes in ISO 27001 scope

Changes in ISO 27001:2013 related to the scope, the context and the SOA