"Our organization has achieved ISO27001:2013 certification for few years back for a Data Center (DC). Recently, we have established a Security Monitoring Center (SMC) and we are exploring to have the SMC being certified with ISO 27001.
We are considering to extend the existing DC ISMS Certification scope to the SMC or to have the SMC to gain a separate ISMS certification.
Below are my doubts that requires your expert advice:
a) Would it be fine to have the same ISMS team who take care of DC ISMS certification to manage the SMC ISMS Certification programme?
b) Would it be fine to deploy the existing relevant DC ISMS SOPs to the SMC ISMS Certification? Meaning that we maintain a single set of SOPs but to be used for two separate ISMS Certification;DC and SMC respectively.
c) What are the advantages and disadvantages to maintain a single ISMS Certification for both centers versus each center has its own ISMS certification?