
    ISO/IEC 27001 Information security management system

    ISO/IEC 27001:2017 is the information security management system (ISMS) standard. It specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS within an individual organization, including the risk-based selection and implementation of security controls. Its controls cover physical security as well as IT security.


    Certification of information security management systems


    Certification of the information security management system is confirmation from an independent, competent and accredited certification body that the business adheres to the requirements of an internationally recognized information security management system standard. The scope of the assessment covers establishing, implementing, operating, monitoring, reviewing, maintaining and improving the organization’s information security management system.


    ISO/IEC 27001:2017 includes elements to ensure:

    • Security requirements and objectives are properly formulated
    • Security risks are identified, assessed and treated in a cost-effective way
    • Compliance with applicable laws and regulations
    • A proper framework for the implementation and management of controls, so that the security objectives of the organization are met
    • Compliance with the policies, directives and standards of the organization
    • Information security for customers

    How does the ISO/IEC 27001 certification process work?

    System audits in the certification process are the means of establishing whether the information security management system meets the requirements of ISO/IEC 27001:2017. Beyond confirming conformity, the audits are intended to identify potential improvements.


    The certification process consists of two phases:

    • Phase 1 usually consists of a visit to the business to review the status of the organization, the system documentation, the infrastructure, etc., and to confirm that the organization is ready for the certification audit. In particular, the organization’s Statement of Applicability (SoA), which lists the controls selected on the basis of the risk assessment and justifies any exclusions, will be verified.
    • Phase 2 is the certification audit, which verifies that the management system is implemented and operated in accordance with its documentation and the requirements of ISO/IEC 27001:2017. The certification audit gives the organization feedback on any nonconformities with the standard; these must be corrected, and the corrective actions accepted, before a certificate can be issued.


    How long is an ISO/IEC 27001 certificate valid?

    The certificate is valid for three years after being granted. During this period, annual surveillance audits are conducted to confirm that the system continues to conform, and a recertification audit is carried out before the certificate expires.


    Why Nemko?

    • Nemko has a lean organization with an effective decision-making process and quick turnaround
    • Our auditors have valuable experience and inspire a culture of continual improvement
    • Our auditors value communication with customers
    • Observations and comments are clearly expressed to ensure measurable improvement
    • The approach is practical and down-to-earth
    • The same auditor is responsible for the customer throughout the entire audit process and audit cycle


    Experienced team

    Our knowledgeable and efficient auditors bring the longstanding expertise of a company that has provided third-party certification against ISO standards for more than a quarter of a century.
