ISO 27001 - Information Security Management System
ISO 27001 includes elements to ensure the following:
- Security requirements and objectives are properly formulated
- Security risks are managed in a cost efficient way
- Compliance with laws and regulations
- A proper framework for the implementation and management of controls to ensure the security objectives of the organization are met
- Compliance with the policies, directives and standards of the organization
- Information security for customers
How does the Certification Process Work?
System audits in the certification process are a means to measure if the information security management system meets the requirements of ISO 27001. The main purpose of the system audits is to identify potential improvements
The certification process consists of two phases:
- Phase 1 normally consists of a visit to the business in order to review the status of the organization, system documentation, infrastructure, etc. In particular the organization’s Statement of Applicability (SOA) will be verified.
- Phase 2 is the certification audit verifying that the system documentation meets the requirements of ISO 27001. The certification audit will give feedback to the organization on issues that are not in conformance with the standard and that needs to be corrected before a certificate can be issued.
The certificate will be valid for 3 years after being granted. During this period, annual surveillance audits will be conducted
Contact Nemko
Contact Nemko
Please phone or send us your request in the form below, and we will contact you as soon as possible. Let us know your purpose and we will find the right person to call you back.
The Nemko Direct Program for more challenging international approvals – they truly are a fast and competitive alternative