LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Enterprise Branch Certification

  Quote
Guest
Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Enterprise Branch Certification

Dear Friends,   A foreign company branch needs to get certified. the branch assets mostly controlled by oversees company. even some servers and routers controlled by hq IT department. they need to get 27001. main company has isms but branch semi controlled semi independent. how is the documentation should be? should we get the main company documentation into branch docs too? I am seriously confused :) I hope you guy can guide me out.   Thanks for everyone for their interest
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
DejanK Jan 12, 2016
Gokhan,

In this case you have to set the scope of your ISMS very precisely. You have basically 2 options:

a) Broaden the scope of your main company ISMS to include the branch office as well, or
b) Implement a separate ISMS in your branch only.

It seems to me that option a) would be better, because this would mean that the existing documentation will be valid not only for the main office, but also for your branch.

If you choose the option b), your branch office will have to treat everything that is outside of the scope as external party - this means that in this context your main office would also be an external party, with which you would have to define a clear boundary and make agreements for SLA, security, etc. Further, in this case the branch would have to write its own documentation.
Quote
0 0
Guest
Guest post Jan 12, 2016
Dear Dejan

Thank you somuch for your wise guidance

 

Gökhan
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016