ISO 27001 CERTIFICATION
What is ISO 27001 standard?
ISO 27001 is an international standard that specifies the requirements for an organization's information security management system (ISMS). The standard itself does not certify anyone: an accredited certification body audits the organization's ISMS against the standard and, if it conforms, issues the certificate.
The ISO 27001 standard can be applied to any type of organization, regardless of its field of activity or size.
What is the purpose of ISO 27001 standard?
The ISO 27001 standard is organized into 10 clauses, which set out the requirements for establishing, implementing, maintaining and continually improving the information security management system and for aligning the organization's processes with it.
By following the requirements of the ISO 27001 standard, the organization will be able:
- To develop a system for protecting the company's own confidential information as well as the information of its clients and suppliers;
- To adopt procedures that comply with the applicable data protection regulations;
- To assess the risks linked to information management and to prevent data breaches.
Is ISO 27001 certification mandatory?
Adopting an information security management system and seeking certification is voluntary for companies, unless a customer contract or a sector-specific regulation requires it.
Why obtain ISO 27001 certification?
By obtaining ISO 27001 certification, the organization will be able:
- To prevent risks linked to information management;
- To improve awareness of information security within the organization;
- To give customers and suppliers independent assurance that the company manages information security and complies with the applicable data protection regulations.
How to get ISO 27001 certification?
The certification path consists of 4 stages:
Certification Request
At this stage the economic aspects and the auditors' activities related to the certification process are agreed. This part concludes with the signing of a contract: the certification process is governed by the contract stipulated between the company and the certification body.
The certificate is generally valid for three years, during which the certification body carries out periodic surveillance audits to confirm that the management system is still maintained.
Preliminary Audit (optional and possibly requested by the customer)
It is an initial assessment of the company's current management system.
The preliminary audit is not part of the formal certification process: any improvement it identifies is intended only as a suggestion and is not included in the official audit report.
Certification Audit – Stage 1
The audit is held at the company's offices. In this stage, the auditor gathers all the relevant information and evaluates the documentation of the management system to be certified, including the scope of the ISMS, the risk assessment and the applicable legal, regulatory and voluntary requirements. This is a preparatory step for the second stage of the Certification Audit.
Certification Audit – Stage 2
In this stage, the auditor verifies that the management system is actually implemented and operated in accordance with the ISO 27001 requirements, by sampling records and interviewing staff. At the end of this process, provided no major nonconformity is found, the auditor recommends to the certification body that the certificate be issued. Any minor nonconformities must normally be addressed with a corrective action plan before the certificate is released.