For successful certification to ISO/IEC 27001, the requirements include the following
In addition, there are requirements relating to the documentation of your information security management system (ISMS).
Optimize your information security: certification in accordance with ISO/IEC 27001 shows your customers and partners that your company takes information security seriously.
ISO/IEC 27001 is the international standard for information security management systems (ISMS). It gives companies of all sizes guidance on planning, implementing, monitoring and improving information security, and it bases the protection of both data and IT systems on the company's own individual risks. As a result, your company protects itself not only against attacks, but also against unplanned interruptions of operations, the loss of sensitive data and damage to its reputation.
First, we hold an information meeting with you to carefully determine the scope and area of application of the certification. This forms the basis for a tailored offer.
Audit stage 1 – readiness assessment
The certification process proper begins with this second phase. The objective of the stage 1 audit is to assess, on site, your readiness for the certification audit. The results are documented in a written report.
Audit stage 2 – certification audit
The stage 2 audit is also conducted at the company premises. Its aim is to evaluate the implementation and effectiveness of the ISMS.
Awarding of certificate and monitoring
After a positive certification decision, a certificate valid for three years is issued. During these three years, two monitoring (surveillance) audits are performed at planned intervals, in which the application and effectiveness of the ISMS are assessed on a sample basis.
Copyright© 2023 - QA Assessor. All rights reserved.