Setting up and passing the audit
As we have two entities, one in Site A operating under the supervision of the regulator and a second in Site B providing services for the Site A entity, a few things to clarify:
1 - Is the setup, documents, actions etc. enough for both entities, or will I have to prepare two different setups?
2 - Also, do we have to pass an audit to certify both entities, or is only the regulated body enough?
1 - Is the setup, documents, actions etc. enough for both entities, or will I have to prepare two different setups?
Please note that if these two sites are separate legal entities with different core businesses, then you need to treat them through separate implementations.
2 - Also, do we have to pass an audit to certify both entities, or is only the regulated body enough?
The certification scope can be only one entity or both entities. To make this decision you should consider the requirements of your customers and applicable laws and regulations.
For further information, see:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
This tool can also help you:
- Tool for defining the ISO 27001 ISMS scope https://advisera.com/insight/chatbot-tool-iso-27001-scope/
Jan 10, 2023