Phase 10 The Iso 27001 Certification Process

By Author: Bill Westrom
Total Articles: 1
Comment this article

The ISO 27001 certification process consists of obtaining a certificate of compliance with the requirements of the standard issued by an independent certification body.

The standard under which the certificate is obtained is the UNE-EN ISO / IEC 27001 standard. Certifications issued by a Certification Entity may or may not be accredited by an accreditation entity (in Spain the national accreditation entity is ENAC) . IN any case, the accreditation entities must belong to the IAF (International Accreditation Forum).

The certification phase is not mandatory but it certainly has undeniable benefits when it comes to asserting the implementation of an ISMS before our clients and interested parties.

BENEFITS OF CERTIFYING

Obtaining the certificate carries a series of benefits, among others:

It is a competitive advantage over other companies
Facilitates access to an increasingly competitive market that increasingly requires by more companies and public bodies a certificate of compliance with Information Security when bidding and contracts
Improve ...
... the image of the company
Improves the confidence of customers and users of our services in terms of data security and protection
It guarantees an effective implementation of the standard when evaluated by an entity with experience and that will provide us with advice to improve the system.

ISMS CERTIFICATION AUDIT
After the implementation phase, the Certification audit is carried out no earlier than a period of at least 3 months during which the system must be operating.

The process begins with the certification request to a certifying entity who, after formalizing the process through a contract, will carry out the certification audit

The certification audit is carried out in two phases:

Before starting the audit, the auditor must send an audit plan to the company.