Monday, June 30, 2008

ISO 27001 CERTIFICATION EXPLAINED

Contrary to common belief, certification is granted against ISO 27001, not against ISO 17799 (the code of practice, which catalogues controls but is not a certifiable specification). The certification itself is international, in that National Accreditation Bodies operate a mutual recognition model that allows a certificate granted in one territory to be recognized in another. Clearly, this is essential for an international standard.

Common reasons to seek certification include: organisational assurance; trading-partner assurance; competitive advantage (market leverage); reduction or elimination of trade barriers; reduced regulatory costs; and so on.

To meet the certification requirements, an organization's ISMS must be audited by a 'Certification Body' (or, strictly speaking, by an assessor who works for a Certification Body). There is a clear segregation of duties here: the assessor must be independent of any consultancy or training provided to the organization being certified, so the body that helped design the ISMS cannot be the body that certifies it.

A Certification Body must itself have been accredited by the National Accreditation Body for the territory in question (e.g. UKAS in the UK). This helps ensure that Certification Bodies meet national and international standards for their services and apply them consistently. For ISO 27001, the accreditation criteria were set out in a document called EA-7/03 ('Guidelines for the Accreditation of Bodies Operating Certification / Registration of Information Security Management Systems'); this has been superseded by ISO/IEC 27006 ('Requirements for bodies providing audit and certification of information security management systems'), which is the document to check for current accreditation requirements.

The following diagram may clarify this process:



Different certification bodies tend to adopt slightly different approaches to the exercise, with some being more 'hands on' than others. However, the following six-step process is a fairly common one:

1 - Questionnaire (the Certification Body obtains details of your requirements)
2 - Application for Assessment (you complete the application form)
3 - Pre-assessment Visit or 'Gap Analysis' (optional)
4 - Stage 1 Audit (the 'Document Review'). This is the first part of the audit proper: the assessor checks that the ISMS documentation (scope, policy, risk assessment, Statement of Applicability) exists and is adequate before any on-site testing of controls takes place.
5 - Stage 2 Audit (otherwise called the 'Compliance Audit' or 'Implementation Audit'): the assessor verifies on site that the ISMS is implemented and operating as documented.
6 - Ongoing Audits (periodic surveillance audits, typically annual, followed by a full re-certification audit, typically on a three-year cycle)

21 comments:

ISO 27001 Certification said...

ISO 27001 Training covers all types of organizations. The standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

Unknown said...

ISO certification is very much needed for start-up businesses.

ISO certification company in India

Ansa Certifications said...

Thank you so much for sharing such an awesome blog...

ISO 9712 training
UKAS accredited ISO 9712 training

Grace said...

Thank you for the info. It sounds pretty user friendly. I guess I'll pick one up for fun. Thank you.

iso 27001 lead auditor online training

Qdot International said...

Thank you for sharing the amazing information about the ISO certifications; now all my doubts about ISO certification are cleared. Keep sharing the amazing content.
ISO 27001 Consultancy in UAE.
ISO awareness training in UAE.

SAUDI ARABIA said...

ISO certification is very much needed for start-up businesses. Thanks for sharing. ISO 27001 Training

James Williams said...

Very informative; thank you for posting.

ISO 27001 Certification

Jessy Shan said...

Nice post. I learn something totally new and challenging on sites. It's always helpful to read content.

ISO 27001 Certification

Hafeezriyas said...

Thanks for sharing such great information with me.
ISO 22301 Qatar

Arya Rishi said...

Great Info!!! Thanks for sharing information with us.

ISO 22301 Certification in Brazil

Amith Sharma said...

This blog is the Best place for learning and contribution.

ISO 27001 Certifying Body in Hong Kong

Ritu Kumari said...

Wonderful blog and good post. It's really helpful for me; awaiting more new posts. Keep blogging!
Thanks for all your information. The website is very nice, with informative content.
ISO 22301 certification

YASARARAFAT said...

Thanks for giving such detailed information to me. Keep posting like this. ISO 27001 Certification in Qatar

Salja Kumari said...

Hi, just wanted to tell you, I enjoyed this blog post. It was funny. Keep on posting! Such a lovely blog you have shared here with us. Really nice. visit here
ISO 27001 certifying body in hong kong

Meena said...

Thank you for sharing the amazing information about the ISO certifications; now all my doubts about ISO certification are cleared. Keep sharing the amazing content.
ISO 9712 certification

Meena said...

Very informative; thank you for posting.
ISO 9712 certification

edicksnelson said...

I found your blog and it was really useful as well as informative; thanks for sharing such an article with us. We also provide services related to ISO 27001 certification

jobinwason said...

Thanks for sharing.
certification iso 27001

noah said...

Thank you.
ISO 27001 certification Bogotá

Aishah Mahsuri said...

I learnt new things and information from your article.You have done a brilliant job. Let’s keep it up.

ISO 27001 Certification
