What is ISO 27001:2013?

An ISO 27001 information security management system is a regular and proactive approach to effectively managing risks to the security of your company’s confidential information.

ISO 27001 is the most well-recognised international standard for information security management. It can be applied to and implemented by all types of businesses, across all sectors and markets.

Although ISO 27001 certification is not a legal, regulatory or compliance obligation, it is often a prerequisite to public and private sector tender processes, may be an essential condition for new business partnerships, and is a well-respected benchmark that demonstrates your information security maturity.

As a result, many companies pursue ISO 27001 certification to evidence they are operating their internal information security practices to a high standard.

Benefits of certification:

Builds a culture of security

Cost reductions due to avoiding incidents

Demonstrating credibility and trust

Proving to clients you keep their information secure

Consistency in the delivery of your service or product

Audit Process

Understand the process to obtain ISO 27001 certification:

STEP 1

PRE-ASSESSMENT

This is an optional gap analysis service which takes place before your assessment visit. This gives you an early opportunity to review your existing Information Security Management System (ISMS) and compare it with the requirements of the ISO 27001 standard. This allows us to identify any omissions or weaknesses in your ISMS and provides you with a chance to prepare effectively for a formal assessment.

STEP 2

STAGE 1 ASSESSMENT

The Stage 1 Assessment focuses on document review, with the aim of determining whether the mandatory requirements of the ISO 27001 standard are being met and of gaining a sufficient understanding of the design of your ISMS. This stage defines your preparedness for the Stage 2 Assessment.

STEP 3

STAGE 2 ASSESSMENT

The Stage 2 Assessment evaluates the implementation, including the effectiveness, of your ISMS. It also determines whether your ISMS adheres to your own policies, objectives and procedures. If your ISMS is fully operational and compliant with the ISO 27001 standard, we will recommend that you be awarded certification.

STEP 4

CERTIFICATION AND FOLLOW-UP

Once you are certified, you will receive an ISO 27001 certificate, which is valid for three years. Your ISMS must be reviewed via a continuous assessment process. We will visit you at least once a year for surveillance to verify that your ISMS remains compliant and continually improves. After the three-year period, in order to renew your certification, you will need to apply for a re-certification assessment.

The certification process includes:

GRANTING

When your ISMS fully complies with ISO 27001 requirements, the Certification Committee will make the decision to grant you a certificate.

REFUSING

When your ISMS does not comply with all ISO 27001 requirements, unfortunately we will not be able to grant you a certificate.

MAINTAINING

On a regular basis, during surveillance visits, we will check whether you have implemented continual improvement to your system and whether improvement is vital to remain compliant.

RENEWING

After the 3-year cycle (before the certificate expires), your entire ISMS will need to be assessed in order to check your compliance with ISO 27001.

SUSPENDING

In some cases, for example if your ISMS seriously and permanently fails to meet ISO 27001 requirements, we are obliged to suspend your certification.

RESTORING

Once the issues that resulted in the suspension have been resolved, we can restore your suspended certification.

WITHDRAWING / REDUCING THE SCOPE OF CERTIFICATION

Failure to resolve the issues that resulted in the suspension will result in withdrawal or reduction of the scope of certification.

EXPANDING

You may ask for a scope extension. We will review the application and determine any audit activities necessary to decide whether or not the extension may be granted to you.

Rules of using Sysnet ISO Certification Mark

Impartiality Policy Statement

Processes for handling requests for information, complaints and appeals
