ISO 27001 certification for subsidiary companies
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
1 - Is it possible to certify the two together or is it necessary to seek certification for each one individually?
It is possible to have a single certification for your organization and its subsidiary, but please note that implementing a certification in multiple geographic locations is a complex, and more expensive, task and you should go for it only if it is really necessary for business strategies and objectives. Instead, you should consider the prioritization of locations and implementing the certification one location at a time.
2 - Similarly would we need a separate ISMS for each?
ISO 27001 does not prescribe how to manage information security in multiple organizations, so you can manage them using a single platform. But is important to note that you need to ensure that the specifics in the implementation of each organization are clearly identified and separated.
For example, you may have the same control (e.g., access control) implemented in different ways in several organizations, and your platform needs to help you track this condition, so activities like internal audit and management review can work on the real situation of each organization.
Comment as guest or Sign in
Nov 18, 2020