Sunday, 22 March 2015

What could be the scope of ISO 27000 standards?



If a company wants to certify against some of the ISO 27000-series standards (let's say ISO 27001 and ISO 27005), what could possibly be certified? I mean, is it IT processes in general in the organisation as a whole? Or is it more likely that only one/several system(s) used in that company is/are certified? Or does it depend on the particular standard (let's say I am interested in the ones above)?


If a company has chosen some particular standard, can it be broken down somehow so that only a part of the standard is certified?




