Is it possible for an entity or a division part of an organization to be certified ISO 27001, specifically the Division Information Security Management System?
- I suggest that you would better ask the institutions that actually perform such certifications. In Germany, e.g., http://www.tuev-sued.de/management-systeme/it-dienstleistungen/iso-27001 – Mok-Kong Shen Apr 17 '16 at 16:12
- You mean organization, don't you? – Tobi Nary Apr 17 '16 at 19:15
- No, I mean some part of an organization, such as the marketing department – Apr 17 '16 at 20:22
1 Answer
Yes, that is possible. ISO 27001 requires you to define the scope of the certification, so you could restrict the scope to that one specific division.
Of course, any smart auditor would check what relations that division has with other divisions and which risks and controls are related to that.
Teun Vink
- Controls are measures taken to reduce the chance and/or impact of certain risks. – Teun Vink Apr 17 '16 at 16:43
- While it is definitely possible, the scoping in this particular case has to be done very well. If you have never been involved in this process, you should probably get outside help. – Tom K. Feb 19 '18 at 08:41