I'm working through the process with the help of a consultant, and we have some general questions about applying 27K to a small hosting business like mine. I run a small hosting business focusing on email and also offering web hosting and similar services.
1) How should we apply the standard to a small business with limited checks and balances? In my case, there are currently just three of us with access to the systems. As the business owner I have access to basically everything (servers running the services, as well as billing records), and I have one other administrator with admin access to most of the servers, and a support person with more limited admin access. In particular for my access, it's hard to define limitations to access or .
2) How should we describe our use of 27K in our marketing, if we adopt the structure and complete the documentation but don't go through a formal 3rd party certification audit?