What is ISO 27001
The official name of ISO 27001 is:
Information technology — Security techniques — Information security management systems — Requirements
ISO 27001 ensures that a certified company’s/organization’s information security is under explicit management control. The standard is based on the Deming cycle and the concept of continuous improvement, the methodology known as «Plan-Do-Check-Act». It can be implemented by all types of enterprises and organizations irrespective of their size and activity.
BENEFITS OF IMPLEMENTING ISO 27001
By implementing ISO 27001, companies/organizations can identify risks and put controls in place to manage or reduce them, gain customer trust in relation to the protection of their data and finally demonstrate to the public the company’s/organization’s continuous commitment to excellence.
Furthermore, the inspection process, a necessary step for certification, benefits companies/organizations by offering valuable insight into their processes, which can encourage growth and improvement through remedial measures.
ISO 27001 Certification is provided by a Certification Body accredited to this standard.
Eurocert provides competent ISO 27001 auditors and performs a pre-assessment of the information security management system.
During the pre-assessment inspection, Eurocert checks the completeness of system documentation (manual, procedures, instructions, forms, etc.) and implementation (Archives) under the International Standard ISO 27001.
Deviations are recorded and the Company defines the appropriate period of time within which the necessary corrective actions will take place.
Once the corrective actions have been taken, the Assessment inspection takes place, during which the system is audited as a whole and the completion of all corrective actions is checked.
If the Assessment inspection does not record any non-compliances with the ISO 27001 standard, then the Certification Body issues the ISO 27001 Certification.
In the case of recorded non-compliances, the Company must take further corrective actions.
REQUIRED DOCUMENTS FOR ISO 27001 CERTIFICATION:
During the Audit, all of the following are checked:
- License of the Company and the accompanying documents
- Other permits required
- Organizational Structure / Chart
- Instructions for External Documents (e.g. Legislation)
VALIDITY OF ISO 27001 CERTIFICATE
Provided that the Assessment Audit of the Organization’s/Company’s Quality Management System is successful, the Certificate is issued shortly. The ISO 27001 certificate is valid for three years, during which time two annual surveillance audits must take place.