Query Related to ISO 27001
Dear All,
Trust all is well.
There is one client, which is just a startup, that provides IT-enabled solutions and services and wants to get ISO 27001 certification. But all their infrastructure, security, and IT development and services are provided and managed by a third party which is ISO 27001 certified. Only sales marketing is done by the client.
Should the client go for ISO 27001 certification or not, even when there are only a few employees and the company is not yet operational?
Looking forward to hearing from you.
From your scenario, I understand that your customer is a solution provider that does not own the operational infrastructure.
Considering that, ISO 27001 certification is possible for this customer considering the protection of the information in the process it controls (i.e., sales marketing).
Since the IT solutions provided are outsourced, these are out of the scope (these could be handled by means of contracts/services agreements signed with such providers).
For further information, see:
- Tool for defining the ISO 27001 ISMS scope https://advisera.com/insight/chatbot-tool-iso-27001-scope/
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
Nov 22, 2022