3

My department already got certification for ISO 27001:2013 last year (2016). But for a particular reason, my department should move to a new building. What would the status of my ISO 27001:2013 certification be?

Do we have to take another recertification audit, or just a surveillance audit?

schroeder
user155860

2 Answers

2

Broadly speaking: as long as you comply with the standard, if your ISMS is still in place as a whole and all your information security processes are working fine, your certificate should be fine as well.

You should definitely evaluate all changes that come with the move itself. If there are any major developments within your infrastructure or your organization, then your ISMS will probably be affected as well. You have to react to these changes properly.

You should also contact your certificate authority and ask them what their expectations are in a case like this.

Tom K.
0

ISO certification normally assumes that a system can live between 2 consecutive audits. That means that if the move has any impact on any of the documented processes, the documentation must be changed accordingly. The rule is that at any moment the actual processes must follow the current documentation.

The next audit will check that your documentation has been changed according to the move to the new building, that the new documentation is still ISO 27001 conformant, and that the new documents are consistently respected.

Serge Ballesta