Overview of Certification
An Accredited Registrar such as PJR may certify your ISMS to ISO/IEC 27001. Such certification provides your organization with the credibility needed to do business in today’s information-rich world. Like many other ISO standards, ISO/IEC 27001 certification involves a three-stage audit process:
Informal Review of ISMS – In the first stage of your ISO/IEC 27001 audit, auditors will do an informal review of your ISMS. This review will include actions such as checking for the existence of key ISMS documents and reviewing the overall ISMS. The goal of this stage is to familiarize the auditors with your organization and for you to get to know the auditors.
Formal Conformance Audit – The second stage of your ISO/IEC 27001 audit is the formal audit. This is a thorough and detailed review and test of your Information Security Management System against the ISO/IEC 27001 requirements. During this phase, auditors will interview key employees to test their understanding of your ISMS. Provided your organization’s system complies with the ISO 27001 standard, this audit will result in your ISMS being certified to ISO/IEC 27001.
Follow-up Audits – The final stage of ISO/IEC 27001 certification is a recurring audit to ensure that your ISMS is continually being evaluated and improved. A follow-up audit – done at least annually – is meant to confirm that your organization remains compliant with the standard. These audits may be done more frequently in the beginning, particularly while your ISMS is still maturing.
Deciding to pursue a certified Information Security Management System is a big step for any organization, but the potential rewards are great. Armed with a certified ISMS, your organization will be able to bid on contracts more competitively, attract more customers, and assure all stakeholders that the information that keeps your business running is protected.