When your company trades under multiple business names, you may have multiple certificates under one assessment, but you need to provide the following:
Send a signed letter headed document to IASME confirming the below.
There is no firewall separation between the companies
All companies use the same network infrastructure and devices
All companies employ the same staff
If you have different employees for each business, you can name each company on one certificate provided there is no firewall separation in place.
If your company has multiple individuals under its control (i.e. You are a financial management company with multiple independent financial advisors working directly and solely to your company) or is operating in multiple locations (i.e. you have a central office with satellite offices) the guiding principles are:
For multiple locations:
All the locations operate under the same policies and processes
The locations are controlled by a unified management structure reporting up to the main location
The policies and processes for data protection and IT management are unified
The company will need to have authority to make decisions on behalf of the independent companies
For multiple locations and multiple individuals all paragraph 1 conditions and:
All the IT and devices are controlled and maintained by the main company office.
Security policies are set and imposed centrally
Patching is controlled centrally
Operating system and system builds are controlled centrally
Administrative permission for devices is controlled centrally
The company has the authority to make decisions on behalf of the independent companies
The key takeaway from the above is that if all businesses are subsidiaries of a group, then you can certify the group as a whole. And, if every business in the group is under the control of a single organisation, then a board member can sign off on the certification.
For More Information, or to apply for another certificate for a different business name. Contact [email protected]