ISO 27001 certification coverage
We are a global company with branch offices up to 27 countries and soon to be more. That being said, if our office gets ISO 27001 certified, will the other branch office be certified and/or have the ability to say they are ISO 27001 certified?
Assign topic to the user
The certification coverage will depend on the ISMS scope definition. If it is issued to corporate X, then it is needed to verify which locations (i.e., addresses) were included. If the address of any subsidiary or affiliated entity is included, then it is covered by the certificate (of course this entity will have to go through all certification process together with the main Corporate X)
Adopting a single certificate for all units or separated ones for each unit is a business decision, depending on their objectives and strategies, but in general organizations like these adopt the model of one certification for each unit, because a change on a unit does not impact the certification of other units.
These articles will provide you further explanation about scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
This material can also help you:
- ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Mar 22, 2020