We have a company with locations in 3 countries: Germany, Italy and the UK.
Of course, we registered our company under 3 different legal names based on the country. So the main name is always the same, but based on the country the name has a different name extension and is therefore slightly different in each country.
We want to get ISO 27001 certified in all 3 locations/countries. Do we now need to do 3 audits, one in each country? Or is it enough to implement in all 3 locations and only do 1 audit which will cover all 3 locations?
What possibilities do we have? / Any advice?
For certification purposes, you can either have a single certificate covering the three sites or one certification for each site, but regardless of the adopted approach all sites will have to be audited to achieve certification.
Considering that all sites have to be audited, the best course of action would be to certify one site at a time. This way you can better plan your implementation expenses, and a problem with one certified company wouldn't affect the others.