ISO 27001 INFORMATION SECURITY

ISO 27001 (Information Security Management Systems) is a standard that will enable organisations to manage all types of information to ensure the confidentiality, integrity and availability of information.

The international standard provides requirements for establishing, implementing, maintaining and continually improving information security management in organisations. Certification to this standard is a demonstration of an independent expert assessment of whether the organisation’s information and data are adequately protected.

FOR WHOM? 

An ISMS can be applied to any business in any industry for the day-to-day management of security risks to the information that the organisation’s business processes, stores or transmits.

ISO 9001 was first published in 1987 and since then has been used by organisations worldwide to show that they can offer consistently good quality products and services, as well as to streamline processes and become more efficient. It is called the mother standard among all ISO standards: it forms the basis of the business process management system and lays the foundation of process and system management in an organisation.

WHY IMPLEMENT ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM IN YOUR ORGANISATION?

  • It allows the organisation to prove that they are managing information through a risk-based assessment and treatment of information security risks.
  • It will help the organisation coordinate information security, whether the information is electronically or manually managed.
  • It will prove to the organisation’s potential customers that it takes the security of their personal and business information seriously.
  • It reduces costs by avoiding security incidents through proactively implemented controls.

CERTIFICATION PROCESS

CERTIFICATION AUDITING PROCESS

Optional: Pre-assessment audit

We can provide an independent assessment of your management system (MS).

Stage 1 audit

The Certification Body will gain an understanding of your business to assess whether your documented policy, objectives, continual improvement plans and procedures meet the requirements of the MS standard. The readiness of your implementation programme is also assessed.

Stage 2 audit

The Certification Body will audit your MS in action, to check that your declared policy, objectives and targets have been effectively communicated, and that your continual improvement plans and procedures are working in practice. Certification is then awarded after successful closure of any outstanding issues.

Surveillance audit

After you have achieved certification, we undertake regular ongoing audits of your MS to ensure that it is being maintained and that it continues to meet the objectives of your organisation and the expectations of your customers.

Re-certification audit

The certificate is valid for 3 years. A recertification audit is conducted on the full MS before the expiry of the certificate.

* No contractual
** The on-going surveillance is governed by the contract issued during the initial audit.
