ISO 27001 corporate vs business functions

I’m assuming that by business functions you mean activities related to the organization’s core business, while for corporate functions you mean supporting activities.

Considering that, please note that ISO 27001 aims to protect any kind of information, and depending on the defined scope, the information can be either related to Business functions as well as to Corporate functions. So, you need to clarify first with your assessment team which information, processes, and/or locations will be part of your ISMS to verify which functions need to be assessed.

These articles will provide you a further explanation about ISMS scope:

- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

These materials will also help you regarding ISMS scope:
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/