Maintaining ISMS Certifications from a merging company
Assign topic to the user
Since the scope of the ISMS is changing, first the ISMS scope document needs to be updated. Once this is done, the best course of action is to contact the certification body and ask them if they can cover this changed scope at the next surveillance audit, or they would need to handle this new scope through a new certification audit.
The change in ISMS scope for this scenario is due to the change in location; Is that correct?
What does usually will be the CB advise if there is change in scope? Is it surveillance audit or new certification audit? What is the crieteria?
Another issue for this scenario is the ISMS certificate will be for different entity (a merging entity)
It seems to me the change in your case is in location, but also in the legal entity.
For other information it is best that you consult with your certification body, I wouldn't like to speculate without detailed insight.
Comment as guest or Sign in
Jan 15, 2020