Supplier compliance
I have a supplier with an office in the UK but its main offices are in the US. They have an ISO27001 certificate that doesn’t include their UK office. Is the UK office compliant?
First, it is important to note that being compliant is different from being certified.
If an organization fulfills ISO 27001 requirements then it is ISO 27001 compliant.
If an organization is ISO 27001 certified, it means that an accredited certification body has independently verified that the organization fulfills ISO 27001 requirements.
Considering that, since the UK office is not included in the certification, you should audit this office, by using your own auditors or a third-party auditor on your behalf, to verify if the UK office is ISO 27001 compliant.
Dec 02, 2019