Certification of information security management systems
Certification of the information security management system is a confirmation from an independent, competent and accredited agency that the business adheres to the requirements of an internationally recognized information security management system standard. This includes establishing, implementing, operating, monitoring, reviewing, maintaining and improving the organization’s information security management system.
ISO/IEC 27001:2017 includes elements to ensure:
- Security requirements and objectives are properly formulated
- Security risks are managed in a cost-efficient way
- Compliance with laws and regulations
- A proper framework for the implementation and management of controls to ensure the security objectives of the organization are met
- Compliance with the policies, directives, and standards of the organization
- Information security for customers
How does the ISO/IEC 27001 certification process work?
System audits in the certification process are a means of measuring whether the information security management system meets the requirements of ISO/IEC 27001:2017. The main purpose of the system audits is to identify potential improvements.
The certification process consists of two phases:
- Phase 1 usually consists of a visit to the business in order to review the status of the organization, system documentation, infrastructure, etc. In particular, the organization’s Statement of Applicability (SOA) will be verified.
- Phase 2 is the certification audit verifying that the system documentation meets the requirements of ISO/IEC 27001:2017. The certification audit will give feedback to the organization on issues that are not in conformance with the standard and that need to be corrected before a certificate can be issued.
How long is an ISO/IEC 27001 certificate valid?
The certificate will be valid for three years after being granted. During this period, annual surveillance audits will be conducted.
- Nemko has a lean organization with an effective decision-making process and quick turnaround
- Auditors have valuable experience and inspire a culture of constant improvement
- They value communication with customers
- Observations and comments are clearly expressed to ensure measurable improvement
- The approach is practical and down-to-earth
- The auditor is responsible for the customer during the entire audit process and audit cycle