ISO 27039

Introduce ISO 27001 to your business and discover how the Information Security Management standard protects your business.

The official name of ISO 27001 is:

Information technology— Security techniques — Information security management systems — Requirements

ISO 27001 ensures that a certified company’/organization’s information security is under explicit management control. The ISO 27001 standard is based on the Deming cycle and the concept of continuous improvement methodology known as «Plan-Do-Check-Act». It can be implemented by all types of enterprises and organizations irrespective of their size and activity.

OBJECTIVES AND BENEFITS OF IMPLEMENTATION 

By implementing ISO 27001, companies/organizations can identify risks and put controls in place to manage or reduce them, gain customer trust in relation to the protection of their data and finally demonstrate to the public the company’s/organization’s continuous commitment to excellence.

Furthermore, the inspection process, a necessary step for certification, benefits companies/organizations by offering valuable insight in their processes which can encourage growth and improvement through remedial measures.

CERTIFICATION PROCESS

ISO 27001 Certification is provided by a Certification Body accredited to this standard.

The Company must decide on the type of certification and apply for it.

The Certification Body provides an appropriate inspection team and performs a pre-assessment on-site inspection of the Information security management system.

During the pre-assessment inspection, the Certification Body checks the completeness of system documentation (manual, procedures, instructions, forms, etc.) and implementation (Archives) under the International Standard ISO 27001.

Deviations are recorded and the Company defines the appropriate period of time within which the necessary corrective actions will take place.

Once the corrective actions have been taken, the Assessment inspection takes place, during which the system is audited as a whole and the completion of all corrective actions is checked.

If the Assessment inspection does not record any non-compliances to the ISO 27001 standard then the Certification Body issues the ISO 27001 Certification.

In the case of recorded non-compliances the Company must take further corrective actions.

REQUIRED DOCUMENTS 

During the Audit all the below are checked:

• License of the Company and the accompanying documents
• Other permits required
• Organizational Structure / Chart
• Objectives
• Procedures
• Instructions for External Documents (eg Legislation)

VALIDITY OF CERTIFICATE

Provided that the Assessment Audit of the Organization’s /Company’s Quality Management System is successful, the Certificate is issued shortly. The ISO 27001 certificate is valid for three years during which time two annual surveillance audits must take place.