While Instant 27001 was developed with small to medium sized organizations in mind, it is flexible enough to scale along as your organization grows.

Should your organization span multiple organizational units (or sites), you have the option to serve all sites using one ISMS, or each site can have their own ISMS.


In this scenario, the main office (holding organization) and all subsidiaries are seen as one organization. This would mean one ISMS is needed (one scope, one risk analysis, one set of controls, one Statement of Applicability).

This would require only one license for Instant 27001.

Individual ISMS-es

When all organizational units have different activities, products or services, one overarching ISMS may be too rigid. To add flexibility, you can consider using one ISMS for each independent organizational unit.

Each will have its scope, risk analysis, selection of controls and Statement of Applicability. It is of course possible to refer to content (e.g. company wide policies or procedures) from one ISMS to the other.

This would require additional licenses for each new instance of the Instant 27001 ISMS.

100% first time success rate!
Start with confidence.

Order now   Book a demo