Expert Advice Community

Expanding ISMS scope

Guest user Created:   Mar 24, 2017 Last commented:   Mar 24, 2017

A client is currently certified to ISO 9001 for their organisation, and is also certified to ISO 27001:2013 in one of their departments. My question is: how can they move forward to implement ISO 27001 in the rest of the organisation?

Expert
Rhand Leal Mar 24, 2017

1) Should they implement ISO 27001 for the whole organisation?
2) Or should they implement it for other divisions or departments?

Answer: Both strategies for implementing the ISMS in other parts of the organization are valid, but before recommending one or the other you should also consider the expected deadline for full implementation, the complexity of the other processes, and the resources available. Considering that any implementation project adds a great deal of stress to the organization, you should preferably suggest that they implement the ISMS for the whole organization.

3) Is it a separate ISMS implementation, or can they extend the current ISMS implementation throughout the organisation?

Answer: You can extend your current ISMS implementation to include the new departments. You just have to take care to include the new departments in the scope presented to the certification body only when they are prepared to undergo a certification audit, since for the certification body this addition to the scope will have to undergo all the steps of a certification audit.
Guest
ethantan Mar 24, 2017
Thanks for the prompt reply