Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Your organization and your customer

Please, I would like to ask about ISO 27001. I have on doubt. For example, I selling a SYSTEM. So, my customer has whole infrastructure to support the SYSTEM that he bought from me. Servers, Storage, Network. I just create and install the SYSTEM on the customer environment. All management is customers own.

0 0

Assign topic to the user

Select user

Guest

AntonioS Jan 12, 2016

So, is ISO27001 adherent for me? Or just to a company that provides services?

Answer:

In this scenario, you can implement and certify the ISO 27001 in your organization, and also your customer can implement and certify the ISO 27001 in his business. The unique difference will be the scope of the ISMS. In your case could be your development services, your informations systems that supports your services, etc. In the case of your customer the scope could be the services that they offers, the information systems that supports their services, etc. So, you could have a ISO 27001 certificate, and also your customer could have a ISO 27001 certificate but with a different scope.

If you need more information about the scope, please re ad this article How to define the ISMS scope: https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community