Expert Advice Community

ISO 27001 certification for subsidiary companies

Guest user Created:   Nov 18, 2020 Last commented:   Nov 18, 2020

Hi, we are considering going for ISO 27001 certification but we have a fully owned subsidiary company in the *** (we are *** based). 1 - Is it possible to certify the two together or is it necessary to seek certification for each one individually? 2 - Similarly, would we need a separate ISMS for each?

Expert
Rhand Leal Nov 18, 2020

1 - Is it possible to certify the two together or is it necessary to seek certification for each one individually?

It is possible to have a single certification for your organization and its subsidiary, but please note that implementing a certification in multiple geographic locations is a complex, and more expensive, task and you should go for it only if it is really necessary for business strategies and objectives. Instead, you should consider the prioritization of locations and implementing the certification one location at a time.  

2 - Similarly would we need a separate ISMS for each?

ISO 27001 does not prescribe how to manage information security in multiple organizations, so you can manage them using a single platform. But it is important to note that you need to ensure that the specifics in the implementation of each organization are clearly identified and separated.

For example, you may have the same control (e.g., access control) implemented in different ways in several organizations, and your platform needs to help you track this condition, so activities like internal audit and management review can work on the real situation of each organization.
