Expert Advice Community


Merging intergroup company ISMS's

Guest
Created: Dec 28, 2022   Last commented: Dec 30, 2022

For a sister company that has decided to implement the ISO-certified ISMS instead of theirs - is it enough to identify gaps between the 2 ISMSs and receive approval from top management that both companies are following the one ISMS - as long as any gaps are identified, should any new policies be required (depending on regulatory requirements), will this be sufficient?


Expert
Rhand Leal Dec 30, 2022

Please note that, unless the companies are identical, one company cannot simply copy and paste the ISMS from another company, so your proposed approach (approval from top management and treatment of gaps) is not sufficient.

You need to perform all the implementation steps (most importantly the risk assessment), to determine which kind of specific security is needed for the company’s unique circumstances. The similarities may help speed up and simplify the process, but you need to follow the implementation steps to ensure you have an ISMS fit for purpose for this specific company.

For further information, see:
