Guest post Created: Jan 12, 2016 Last commented: Jan 12, 2016

Enterprise Branch Certification

Dear Friends, A foreign company branch needs to get certified. the branch assets mostly controlled by oversees company. even some servers and routers controlled by hq IT department. they need to get 27001. main company has isms but branch semi controlled semi independent. how is the documentation should be? should we get the main company documentation into branch docs too? I am seriously confused :) I hope you guy can guide me out. Thanks for everyone for their interest

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

Gokhan,

In this case you have to set the scope of your ISMS very precisely. You have basically 2 options:

a) Broaden the scope of your main company ISMS to include the branch office as well, or
b) Implement a separate ISMS in your branch only.

It seems to me that option a) would be better, because this would mean that the existing documentation will be valid not only for the main office, but also for your branch.

If you choose the option b), your branch office will have to treat everything that is outside of the scope as external party - this means that in this context your main office would also be an external party, with which you would have to define a clear boundary and make agreements for SLA, security, etc. Further, in this case the branch would have to write its own documentation.

Quote

0 0

Guest

Guest post Jan 12, 2016

Dear Dejan

Thank you somuch for your wise guidance

Gökhan

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community