Attributes
- Name: ISO 27001 Assurance Program
- Criteria: ISO 27001 and Client Charter
- Market: All organizations utilizing information technology
- Scope: International
- Output: Certificate of Confidence
- Validity: 3 years, subject to ongoing requirements
- Outcome: Certification gives confidence to the organization, its customers, regulators and/or other interested parties in the ability to effectively manage information security.
Background
ISO 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The adoption of an ISMS is a strategic decision for an organization. The establishment and implementation of an ISMS is influenced by the organization’s needs and objectives, security requirements of interested parties, the processes used and the organizational size and structure maintained, all of which can change over time.
A sound ISMS and Statement of Accountability preserve the confidentiality, integrity and availability of information by applying a risk management process, and give confidence to interested parties that risks are adequately managed.
The process
As an organisation, the steps involved for you are:
- Applying for certification:
  Review and accept our customised Proposal, and you’re underway!
- Achieving certification:
  Firstly, a pre-certification audit or “test run” will be conducted either on-site (at your premises) or off-site (at our premises) or both, to see whether your management systems are suitable. Areas of concern will be reported. Once concerns have been actioned, an on-site certification audit will be conducted, where we will examine the extent to which you address the program criteria. Areas of concern will be reported. Once we are satisfied there are no outstanding issues that present an unacceptable risk to you, your employees, customers, regulators, Equal Assurance or others, we can proceed to issue a Certificate of Confidence. Well done!
- Maintaining certification:
  Depending on the level of risk, we will conduct a series of surveillance audits (and in some cases special and follow-up audits) and triennial re-certification audits, to examine the extent to which you continue to address the program criteria. Areas of concern will be reported. So long as we continue to be satisfied there are no outstanding issues that present an unacceptable risk to you, your employees, customers, regulators, Equal Assurance or others, your certification remains valid.
Your next step
Click the link below to contact one of our Account Managers who will prepare a Proposal Form at no cost.