Contrary to common belief, certification is applicable against ISO 27001, rather than ISO 17799. The certification itself is international, in that National Accreditation Bodies have a mutual recognition model in place enabling certifications granted in one territory to be recognized in another. Clearly, this is essential for an international standard.
Common reasons to seek certification include: organisational assurance; trading partner assurance; competitive advantage (market leverage); reduction or elimination of trade barriers; reduced regulation costs; and so on.
To meet the certification requirements, an organization's ISMS must be audited by a 'Certification Body' (or strictly speaking, an assessor who works for a Certification Body). There is a clear segregation of duties here: the assessor must be independent of consultancy and training.
A Certification Body must have been accredited by the National Accreditation Body for the territory in question (e.g. UKAS in the UK). This helps ensure that the Certification Bodies meet national and international standards for their services, and ensures consistency. For ISO 27001, the accreditation requirements are typically set out in a document called EA-7/03 (‘Guidelines for Accreditation of Bodies Operating Certification / Registration of Information Security Management Systems’).
The following diagram may clarify this process:
Different certification bodies tend to adopt slightly different approaches to the exercise, with some being more 'hands on' than others. However, the following six-step process is a fairly common one:
1 - Questionnaire (the Certification Body obtains details of your requirements)
2 - Application for Assessment (you complete the application form)
3 - Pre-assessment Visit or a ‘Gap Analysis’ (optional)
4 - The Stage 1 Audit (a ‘Document Review’). This is the first part of the audit proper.
5 - The Stage 2 Audit (otherwise called the ‘Compliance Audit’)
6 - Ongoing Audits
Monday, June 30, 2008