Expert Advice Community

Clarification on ISO 27001:2022 certification

Guest user Created:   Jan 12, 2023 Last commented:   Jan 12, 2023

Good day. In the context of our current implementation of ISO 27001:2022, and towards certification, I ask if guidance may please be provided regarding the following: We are a company of around 60 employees. We are working towards implementing the standard throughout the company, and risk assessment has been done accordingly. We have come across a doubt, however. While our line of business includes manufacturing and also service provision, we also plan to offer a cloud-based platform, accessible to customers via access credentials, where they can access information related to the equipment/services we provide.

1 - From the implementing/certification point of view, shall the described be considered globally, all included in the implementation/certification, or rather, is it possible or advisable to separate them? I.e., consider the platform separately, with its own certification.

2 - If they were to be separate, how would this even be managed in Conformio?

Expert
Rhand Leal Jan 12, 2023

1 - From the implementing/certification point of view, shall the described be considered globally, all included in the implementation/certification, or rather, is it possible or advisable to separate them? I.e., consider the platform separately, with its own certification.

Due to the size of your company (around 60 employees), unless you have specific requirements for this cloud-based platform to have its own certification (e.g., a law or a contract with a customer), the best approach is to consider a single implementation covering the whole organization, because, for companies of this size, the effort to separate what is included in the ISMS scope from what is not included is not worthwhile.

For further information, see:

2 - If they were to be separate, how would this even be managed in Conformio?

In case you have a need for the platform to be in a separate implementation/certification, you can create two regular Conformio accounts (one for each instance you want to certify) and do a separate certification for both. As separate accounts, it is not possible to share documents or data to manage both implementations in an integrated form.
