SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Maintaining ISMS Certifications from a merging company

  Quote
Guest
Ariffuddin Created:   Jan 14, 2020 Last commented:   Jan 15, 2020

Maintaining ISMS Certifications from a merging company

This is a scenario. Company A is currently ISMS certified – The scope: Security Operation Center (SOC); location at office A, using System A Company A need to be re-certified by end of February. Company B (not ISMS certified) bought over company A. Their merging exercise to be completed in March. They intend to relocate the SOC to location B, may be used new System B (later after the relocation). They want to maintain the ISMS certification of the SOC (previously company A). Appreciate your advise: What is their action plan in order to maintain the ISMS certification? Company B also intend to extend the scope of ISMS – New Scope – Whole company? What they need to do? Thank you

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic Jan 14, 2020

Since the scope of the ISMS is changing, first the ISMS scope document needs to be updated. Once this is done, the best course of action is to contact the certification body and ask them if they can cover this changed scope at the next surveillance audit, or they would need to handle this new scope through a new certification audit. 

Quote
0 0
Guest
Ariffuddin Jan 15, 2020

The change in ISMS scope for this scenario is due to the change in location; Is that correct? 
What does usually will be the CB advise if there is change in scope? Is it surveillance audit or new certification audit? What is the crieteria?
Another issue for this scenario is the ISMS certificate will be for different entity (a merging entity)

Quote
0 0
Expert
Dejan Kosutic Jan 15, 2020

It seems to me the change in your case is in location, but also in the legal entity. 

For other information it is best that you consult with your certification body, I wouldn't like to speculate without detailed insight. 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 14, 2020

Jan 15, 2020

Suggested Topics

Guest user Created:   May 17, 2022 ISO 27001 & 22301
Replies: 1
0 0

ISMS 27001 processes

Guest user Created:   Mar 31, 2022 ISO 27001 & 22301
Replies: 1
0 0

Merging ISMSs