

Monday, June 30, 2008

ISO 27001 Certification FAQ

What is certification?
ISO/IEC 27001 certification is the process by which an organization’s ISMS is examined against the ISO/IEC 27001 specification by an accredited certification body.

What is a certification body?
A certification body (also called a registration body, assessment and registration body, or registrar) is a third party that assesses and certifies that the ISMS of an organization meets the requirements of the standard.

Who accredits certification bodies?
Accreditation organizations accredit the competence of certification bodies to perform services in the areas of product and management system approval. These accreditation organizations are often, but not always, national in scope.

What is the certification process?
The certification process includes:

1. Part 1 audit (also known as a desktop audit). Here the certification body (CB) auditor examines the pertinent documentation.
2. Taking action on the results of the part 1 audit.
3. Part 2 audit (on-site audit). Here the CB sends an audit team to examine your implementation of the reviewed, documented ISMS.
4. Correction of audit findings. Agreeing to a surveillance schedule.
5. Issuance of certificate. (Depending on the CB this can take a few weeks to several months.)

Following initial certification, the ISMS is subject to surveillance as specified by the CB, and then requires re-certification after three years.



ISO 9001 said...

I absolutely adore reading your blog posts, the variety of writing is smashing. This blog as usual was educational, I have had to bookmark your site and subscribe to your feed in ifeed. Your theme looks lovely. Thanks for sharing.


ISO 9001

ISO 9000 said...

I positively venerate celebration of a mass your blog posts, an accumulation of essay is smashing.
We have had to bookmark your site as well as allow to your feed. Your thesis looks lovely. Thanks for sharing.
iso 9000

ISO 27001 Certification said...

ISO 22000 formally specifies a management system that is intended to bring information security under management control. As per ISO 27001 information security system requirements the organization must design and implement a system for information security controls and other forms of risk treatment to address those risks that are deemed unacceptable. During our consultancy for ISO 27001 certification we examine the organization's information security risks, taking account of the threats, vulnerabilities and impacts.