Question about ISO 27001 and ISO 22301
Implementing ISO 27001 and ISO 22301 considering only internal needs is acceptable for certification purposes. In this case, the “customers” can be some of the organization’s own internal departments (e.g., the Projects department as a customer of the IT department, the Accounting department as a customer of the Sales department, etc.).
Later, when and if you identify the need, you can expand the certification scope to cover the organization’s customer’s security and service availability requirements.
These articles will provide you with further explanation about the scope definition and interested parties:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/ (the same concept applies to ISO 22301)
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/
Feb 01, 2022