The ISO IEC 27001:2017 Information Security Management System (ISMS) is the latest version of the international standard aimed at ensuring the correct management of logical, physical and organizational data security. Today, thanks to the increased circulation of data on the web and the multiplication of information exchanges on a global level, the issue of security has become increasingly pressing and of general interest.
The ISO 27001 Management System can be implemented by any private or public company, regardless of its sector and type. Information must be treated like any other asset and protected as such. The objective of the ISO 27001 standard is precisely to protect data, in order to ensure its integrity, confidentiality and availability.
The ISO 27001 certification contributes to achieving high levels of security for the information held by organisations and makes it possible to better control the degree of accessibility to the data.
The certification guarantees many advantages, including:
Compliance with ISO 27001 does not exempt the organisation from the minimum security measures and requirements laid down by European Regulation 679/2016 (General Data Protection Regulation). However, there are several points of contact:
One of the main concerns for those approaching the certification process for the first time is the thought of having to turn their organization upside-down.
The interventions necessary to properly implement an Information Security Management System consist of a series of activities that aim to carefully reorganise the practices already in place within the company in order to ensure greater control.
Like all the main new-generation international standards, ISO 27001 is based on the Risk-Based Thinking approach: it aims at analysing and monitoring risks from a damage-prevention perspective, ensuring a management plan that is consistent with the company's particular characteristics.
The ISO 27001 certification process begins with the implementation of the System, carried out by an internal specialist of the organisation or by an external consultant.
Once the implementation is completed, ASACERT verifies that the system is consistent with the legislation and issues the Certificate, which is valid for 3 years and verified yearly.
The audit taking place in the first year is carried out in two phases (Stage 1 and Stage 2) and leads to the issue of the Certificate.
Within 12 months of the first certification, ASACERT carries out a Surveillance Audit in order to verify that the management system is unchanged and still compliant with the standard. If a major change occurs, the Certification Body can modify the Certificate, updating it to the organisation's new situation.
Within one year of the first Surveillance Audit, a second Surveillance Audit is due.
At the end of the third year, the organisation has to renew the Certificate through a specific Renewal Audit; otherwise the Certification will no longer be valid.
The timing depends on how consistent the Management System is and on the size of the business.
To get more detailed information on costs and timing, contact us and we will be happy to offer you all the necessary support.