Information Security Management Systems (ISMS) - ISO/IEC 27001:2005
All companies depend on information in one form or another to operate their business processes. Much of this information is now stored and processed electronically and is exchanged with business partners over computer networks, many of which are public. Security of information may be at risk from a number of areas. Should the company's system not be secure, the consequences of data corruption may be catastrophic.
With the rapid expansion in electronic commerce, especially in international trade, there is a corresponding interest in the ability of companies to demonstrate control of the security of their information systems. Extensive guidance on organizational aspects of risk assessment and control is given in the Code of Practice for Information Security Management ISO/IEC 27001:2005. It supports the Specification for Information Security Management Systems, ISO 27001:2005, which in turn provides the basis for independent assessment of an organization's ISMS by IQCERT.
For more information regarding this standard and Code of Practice, please contact your local IQCERT office.
Once your ISMS is fully documented and has been operating for at least 3 months, you may proceed with registration. The steps to certification are outlined below.
STEPS TO ISO 27001 CERTIFICATION
Step 1
Forward a completed ISO 27001 questionnaire (please request the questionnaire from your local office). The questionnaire is a vital tool for IQCERT, as it enables us to obtain a clear picture of your business in terms of ISMS issues. From the questionnaire we can supply you with a detailed quotation and select an appropriate auditor.
Step 2
Submit a completed application form and application fee.
Submit a copy of the ISMS documented system for review.
Step 3
The on-site audit is conducted.
A formal report is produced. The recommendation for certification or otherwise will be stated at the close of the audit.
Step 4
Following any corrective actions from the audit, the formal certificate will be raised and the company shall be placed on surveillance.
Step 5
Surveillance visits will be conducted annually (the visits will be agreed in advance via the quotation and confirmed at the final meeting of the on-site audit). The number of man-days will be based on the complexity of the site and the ISMS.
COSTS OF ISO 27001 CERTIFICATION
Due to the diversity of companies and the differing nature of ISMS impact, it is difficult to provide a schedule of costs. As a result, quotations will be provided on a case-by-case basis. For further details, please do not hesitate to contact your local office.
To obtain a formal quotation, please contact any IQCERT office.