Scope definition and certification costs

1. In the institution, we have a core business system, which interacts and it is projected to link with other systems, so I am analyzing whether it is feasible to obtain the ISO 27001: 2013 certification only for said system and the entire infrastructure, processes, resources, and assets surrounding this management information system. Is this feasible? No implementation is required for the entire organization.

The ISMS scope can cover all organization, or only specific locations, processes or information, so you can limit your ISMS scope to this system and related assets.

The main point when considering this approach is the effort required to keep the ISMS scope separated from the rest of the organization's elements (for small and mid-sized organizations many times the effort is not worthy, and it is better to include all the organization in the ISMS scope)

These articles will provide you a further explanation about the scope definition:- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/ 

2. The certificate logo can be used on the homepage of the management system (for an institutional presence issue).

Once certified, the organization will receive from its certification body instructions on how to use the certificate logo properly, and in a general manner, when the certificate does not cover all organization this has to be made explicitly clear in all the uses of the certificate logo.

3. I understand that you sell the documentary package, but I would like to know the approximate cost of the audit to obtain the certification.

There are a significant number of variables to be considered when estimating an implementation cost, such as size and complexity of the scope, number of employees, number of sites, etc. Additionally you also have these main topics to consider:- Training and literature- External assistance- Technologies to be updated/implemented- Employee's effort and time- The certification process

These articles can provide you more information:- How much does ISO 27001 implementation cost? https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/- 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/- How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project