ISO 27001 (Information Security Management Systems) is a standard that enables organisations to manage all types of information so as to ensure its confidentiality, integrity and availability. The international standard provides requirements for establishing, implementing, maintaining and continually improving information security management in organisations. Certification to this standard demonstrates an independent expert assessment of whether the organisation’s information and data are adequately protected.
FOR WHOM?
An ISMS can be applied to any business in any industry for the day-to-day management of security risks to the information that the organisation’s business processes, stores or transmits.
WHY IMPLEMENT ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM IN YOUR ORGANISATION?
It allows the organisation to prove that they are managing information through a risk-based assessment and treatment of information security risks.
It will help the organisation coordinate information security, whether the information is managed electronically or manually.
It will prove to the organisation’s potential customers that it takes the security of their personal and business information seriously.
Cost reductions in avoiding security incidents by proactively implementing controls.
ISO 27001:2013
Information Security Management System
ISMS is a globally recognized framework of proven procedures for information security governance, risk and compliance.
socotec-certification-international.com
Optional: Pre-assessment audit
We can provide an independent audit of your management system (MS) before and/or after the commencement of the Stage 1 audit of the initial assessment process.
Stage 1 audit
First, we gain an understanding of your business to assess whether your documented policy, objectives, continual improvement plans and procedures meet the requirements of the MS standard. The readiness of your implementation programme is also assessed. (For GDPMDS certification, this audit is combined with the stage 2 audit.)
Stage 2 audit
Then we audit your MS in action, to check that your declared policy, objectives and targets have been effectively communicated, and that your continual improvement plans and procedures are working in practice. Certification is then awarded after successful closure of any outstanding issues.
Surveillance audit
After you have achieved certification, we undertake regular ongoing audits of your MS to ensure that it is being maintained and that it continues to meet the objectives of your organisation and the expectation of your customers.
Re-certification audit
The certificate is valid for 3 years. A recertification audit is conducted on the full MS before the expiry of the certificate.
MANAGEMENT SYSTEM CERTIFICATION AUDITING PROCESS
Complete & Submit Application Form
Receive Quotation
Return Acceptance Form
On-site stage 1 Readiness Audit
Ready for stage 2 Audit
On-site stage 2 Audit undertaken
Auditor’s recommendation reviewed
Certification awarded
Ongoing surveillance**
Has the MS been established to justify the proceeding to Stage 2 audit?
Address the gap identified
Does the MS implementation meet standard requirements?
Implement actions & submit for review
Nonconformities corrected
Corrective action submitted for review
* No contractual
** The on-going surveillance is governed by the contract issued during the initial audit.