SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Question about ISO 27001 and ISO 22301

  Quote
Guest
Guest user Created:   Feb 01, 2022 Last commented:   Feb 01, 2022

Question about ISO 27001 and ISO 22301

Hope you are keeping well.  I have a question about how we approach ISO 27001 and 22301 in relation to our (potential) customers.  As you may recall, we are a start-up company with no contractual arrangements with our current clients. Currently we have a number of customers using our AI product in Proof of Concept projects. The aim is, once they are happy with the PoC, to move on to a large project(s) where we will formalize the relationship by selling our products and services to the customers. Now to ISO ...  As we have no contracts with customers currently the plan for both ISO 27001 and 22301 is to cover just our company’s Security standards and Business Continuity needs, so that we obtain certification for ourselves.  As and when we sign a Customer we will then modify all relevant ISO process to include the Customer’s security and Service availability requirements, and so on. Is this the correct approach?  Or do we need a customer. And if so, why?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 01, 2022

Implementing ISO 27001 and ISO 22301 considering only internal needs is acceptable for certification purposes. In this case, the “customers” can be some of the organization’s own internal departments (e.g., Projects department as a customer of IT department, Accounting department as a customer of the Sales department, etc.).

Later, when and if you identify the need, you can expand the certification scope to cover the organization’s Customer’s security and Service availability requirements.

These articles will provide you a further explanation about the scoped definition and interested parties:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Feb 01, 2022

Feb 01, 2022

Suggested Topics