Expert Advice Community

Scope of ISO 27001 for a software project

Guest user | Created: Jan 12, 2016 | Last commented: Jan 12, 2016

Ours is a small company which is planning to go for ISO 27001 certification. For a company to get ISO 27001 certified, can they go ahead and get only one software project ISO 27001 certified or do they have to get the full organization ISO 27001 certified? Please do let us know.

DejanK Jan 12, 2016

You can include in the scope of the certification the activities related to your software project, processes related to your software project, department that works on this project, or you can certify all activities related to the whole company. However, you cannot certify only the project itself - the point is that your organization is certified, not your product. 

For more information about the definition of the scope, you can read this article: “How to define the ISMS scope”: https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
