Good day. In the context of the current implementation of ISO 27001:2022, and towards certification, I ask if guidance may please provided, regarding the following: We are a company of around 60 employees. We are working towards implementing the standard throughout the company; and risk assessment has been done accordingly. We have come across a doubt, however. While our line of business includes manufacturing and also services providing, we also plan to offer a cloud-based platform, accessible to customers via access credentials, where they can access information related to the equipment/services we provide.
1 - From the implementing/certification point of view, shall the described be considered globally, all included in the implementation/certification, or rather, is it possible or advisable to separate them? I.e., consider the platform separately, with its own certification.
2 - If they were to be separate, how would this even be managed in Conformio?