ISO 27001 Certification Process
If you need an ISO 27001 Certification but have not developed your Information Security Management System (ISMS), contact us so we can get you pointed in the right direction.
If you can’t fulfill the steps below, we can still likely get you the requisite support to be successful with the certification. This is a partnership to get you ISO 27001 Certified. For most clients we can advise directly or refer you to a security services provider for support.
If you have already developed your ISO 27001 ISMS follow the steps below:
30 – 60 Minute Conference Call to Validate Scope and Context to support our review.
This call is intended to focus on the design of your Information Security Management System (ISMS) and readiness to conduct the actual certification audit. We will also use this information to begin preparing a proposal and planning documentation.
Collection of ISO 27001 ISMS Documentation. To validate your ISMS we need:
- Proof of management support.
- Documented scope of your ISMS.
- Your inventory of information assets.
- Your risk assessment of in scope information assets.
- A statement of applicability (known as the SOA).
- A risk treatment plan (known as the RTP).
- Application of the ISO27002 controls to satisfy your risk treatment plan.
- Collection of Mandatory Documentation and Records (We’ll send you a document request list for this).
Our initial review is conducted
This step includes starting the certification audit. We will focus on the development and execution of your Information Security Management System (ISMS). This is usually an iterative process with our clients to collect and understand your ISMS documentation and scope.
Review of gaps and missing documentation
If there is any missing documentation we’ll want to start collecting it at this step. Completion of this step is required before issuing a certificate.
Remediation and finalization
Upon a positive certification decision, the organization and ISO 27001 Certifications will agree on the rules and requirements for complying with the certification. Digital copies of the certificate are delivered to the organization, and certificate numbers are recorded within ISO 27001 Certifications.
Surveillance audits are conducted to ensure that the certified organization is able to maintain its
compliance with the relevant standards. Surveillance audits are conducted at least annually, in a