Scope definition and certification costs

Guest user Created:   Sep 20, 2019 Last commented:   Sep 20, 2019

"Greetings, I'm sending you the following questions:
  1. In the institution, we have a core business system, which interacts with other systems and is projected to link with more and more of them, so I am analyzing whether it is feasible to obtain the ISO 27001:2013 certification only for said system and the entire infrastructure, processes, resources, and assets surrounding this management information system. Is this feasible? No implementation is required for the entire organization.
  2. Can the certificate logo be used on the homepage of the management system (for reasons of institutional presence)?
  3. I understand that you sell the documentation package, but I would like to know the approximate cost of the audit to obtain the certification."
Rhand Leal Sep 20, 2019

1. In the institution, we have a core business system, which interacts and it is projected to link with other systems, so I am analyzing whether it is feasible to obtain the ISO 27001:2013 certification only for said system and the entire infrastructure, processes, resources, and assets surrounding this management information system. Is this feasible? No implementation is required for the entire organization.

The ISMS scope can cover the whole organization, or only specific locations, processes or information, so you can limit your ISMS scope to this system and related assets.

The main point when considering this approach is the effort required to keep the ISMS scope separated from the rest of the organization's elements (for small and mid-sized organizations, many times the effort is not worth it, and it is better to include the whole organization in the ISMS scope).

These articles will provide you a further explanation about the scope definition:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/

2. Can the certificate logo be used on the homepage of the management system (for reasons of institutional presence)?

Once certified, the organization will receive from its certification body instructions on how to use the certificate logo properly, and in general, when the certificate does not cover the whole organization, this has to be made explicitly clear in all uses of the certificate logo.

3. I understand that you sell the documentary package, but I would like to know the approximate cost of the audit to obtain the certification.

There are a significant number of variables to be considered when estimating an implementation cost, such as size and complexity of the scope, number of employees, number of sites, etc. Additionally, you also have these main topics to consider:
- Training and literature
- External assistance
- Technologies to be updated/implemented
- Employees' effort and time
- The certification process

These articles can provide you more information:
- How much does ISO 27001 implementation cost? https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/
- 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/
- How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project
