We would be happy to accept your free offer and have our documents checked by you. I am sending you our current status.
In particular, we have the following questions:
1 - We are a translation company and have only identified one general entry - our customers - in the list 02.01 of statutory official contractual requirements. Could you tell us if this is enough?
2 - We obtain standard services from our service providers and do not always negotiate individual contracts. Is it sufficient for our certification if our service providers are themselves certified according to ISO 27001?
3 - As a small company, management and IT have double roles of responsibility, so that the separation of duties is not always possible. Did we take this into account correctly in the documents? How is this to be dealt with in general?