Guest user Created: Apr 15, 2019 Last commented: Apr 15, 2019

ISO 27001 certification

We're thinking about ISO 27001 certification and I have a following question: we have a headquarters (legal entity) in USA, but all the tech team is located in Moscow, Russia. How does the certification goes in this case? where should we perform it? in USA or in Russia?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Apr 15, 2019

Answer:

The certification is related to the ISMS scope, so if the scope covers all organization, then certification goes to both units in USA and Russia. If the ISMS scope covers only the tech team and their activities, then certification goes to Russia, and if the ISMS scope covers only the headquarters, then certification goes to USA.

These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Apr 15, 2019

Expert Advice Community