Expert Advice Community

Guest

Query Related to ISO 27001

  Quote
Guest
Rohit D Created:   Nov 21, 2022 Last commented:   Nov 22, 2022

Query Related to ISO 27001

Dear All, 

Trust all is well

There is one client which is just a startup,  who is providing IT enabled solutions and services and want to get ISO 27001 certification. But all their Infrastructure, security and IT development and services is provided and managed by a third party which ISO 27001 certified. Only sales marketing is done by the client.

Whether client should go for ISO 27001 certfication or not, even when there is only few employees and company is not yet operational 

Looking foward to hear from you 

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 22, 2022

From your scenario, I’m understanding that your customer is a solution provider that does not own the operational infrastructure.

Considering that, ISO 27001 certification is possible for this customer considering the protection of the information in the process it controls (i.e., sales marketing).

Since the IT solutions provided are outsourced, these are out of the scope (these could be handled by means of contracts/services agreements signed with such providers).

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 21, 2022

Nov 22, 2022