What is ISO 27001 Certification
ISO/IEC 27001 is a leading international standard for information security management.
Organizations worldwide implement and maintain an ISO 27001 Information Security Management
System (ISMS) to protect their critical information assets. The standard specifies a
risk-management process that covers people, processes and information technology systems,
and thus provides a comprehensive approach to information security.
ISO 27001 certification procedure
An organization wishing to become ISO 27001 certified must establish, implement and maintain
a management system as defined in the ISO 27001 standard. The certification process starts
with submitting an application to the certification body containing basic details of the
company, including its physical address, the scope of the management system to be certified,
the number of employees, the processes involved, and the servers and other IT hardware and
software in use. After calculating the costs and other risk factors, the certification body
issues an agreement with the quoted amount and the terms and conditions to be followed
during the certification.
3-year certification cycle
An ISO certification is normally validated over an audit cycle of 3 years. When a company
first approaches the certification body for certification, the cycle begins with the Stage 1
audit, a readiness review that identifies gaps in the implementation of the ISO standard. A
formal report is given to the organization, which then draws up an action plan and closes the
identified gaps. Once the auditor has confirmed that the Stage 1 observations are closed, the
organization calls for the Stage 2 audit. The Stage 2 audit verifies the effectiveness of the
implementation, which may include physical verification of records and of the infrastructure.
The audits in the two years following the certification audit are surveillance audits.
Certification audit vs. surveillance audit
A certification audit is the audit carried out initially, when an organization applies for
the ISO certificate.
The purpose of the certification audit is to:
• Appraise performance (monitoring, measurement, reporting and review)
• Assess your legal compliance, process monitoring, internal audits, management review and
policy
• Assess the relationship between regulatory requirements, policies, performance goals and
objectives, responsibilities, employee competencies, operations, procedures and performance
data
• Identify all areas for potential management system improvement
A surveillance audit is the audit performed in each of the 2 consecutive years of a
certification / recertification cycle that follow the certification audit.
The purpose of the surveillance audit is to:
• Make sure your management system continues to meet the requirements between audits
• Verify that internal audits and management reviews have been carried out
• Review the actions taken on nonconformities identified in the previous audit
• Verify that complaints are being handled
• Evaluate the ongoing effectiveness of the management system in achieving its goals
• Evaluate your legal compliance
• Evaluate the progress of the planned continual-improvement activities
• Confirm that operational monitoring continues
• Review any changes in your organization since the previous audit
• Make sure the certification and accreditation marks are used correctly
• Identify all areas for potential management system improvement
Validity of your ISO 27001 certificate
Your certificate is valid for three years, subject to an audit every year or as set out in the
audit plan in the agreement. The validity period is printed on the certificate, together with
the date of certification, the expiry date and the period of validity. Continued validity of
the certificate depends on the following conditions being met:
• Your management system continues to meet the requirements between audits
• Internal audits and management reviews are carried out
• Actions are taken on nonconformities identified in previous audits
• The management system remains effective in achieving its goals
• Operational monitoring continues
• Areas for potential management system improvement are identified
An unscheduled audit can also be conducted under the terms and conditions described in your
agreement. If a scheduled surveillance audit is not carried out, the certification body can
suspend or withdraw the certificate.
Recertification
A recertification audit is performed when the 3-year certificate cycle expires. Its purpose
is to confirm that the organization is still capable of effectively managing the system. The
auditor reviews the improvements made over the 3-year cycle and checks the Stage 2
requirements as defined by the accreditation body. If there have been major changes, such as
a change of location, the certification body carries out a Stage 1 audit again.
Transfer of certification
Transfer of certification means moving your certification to another certification body.
When an organization finds that its certification body does not live up to expectations, it
can and should change to another one. The new certification body accepts the current state of
certification, under the same accreditation, provided that no more than 6 months have elapsed.
Retaining ISO 27001 certification
Obtaining ISO 27001 certification is an important step for any business, but it is only the
first step in the process of continual improvement that is central to the philosophy of ISO.
You will be amazed at how much you learn from the certification process; however, after
certification you must continue to operate and maintain the management system.
There are a number of requirements that companies must meet in order to keep improving their
systems and businesses and to retain the certification.
These include management review meetings, ongoing monitoring of improvement and of customer
satisfaction, and regular internal audits. Performing a regular internal audit is
time-consuming: it requires knowledge of and training in the ISO standard, and the person
performing the audit must not be involved in the work they are auditing.