I'm currently working for a bank and we have around 250 plus branches..
We have a requirement for all our branches to get complied with ISO 27001:2013.
What my question is how to approach this task?
We are currently in the process of certifying our head office..
Do we need to conduct separate risk assessments and asset inventory for each branch. Isn't there an easy way?