ISO 27001 is the global standard for information security. With ISO 27001 certification, which certifies your ISMS (Information Security Management System), you show that you meet the requirements for information security.
Below, we are happy to explain the certification. Would you like to make an appointment with our expert directly to answer your questions about certification and the audit cycle? Then contact us on +31 (0)73 220 2030 or schedule an online introduction.
The benefits of ISO 27001 certification
- Is ISO 27001 certification mandatory? The certification is not mandatory; however, clients sometimes demand ISO 27001 certification, or it is requested at tender. If you have a certification, this provides certainty for your customer. In addition, it is your proof that you comply with the ISO requirements for information security.
- Optimization of your processes and cost savings through greater efficiency.
- You gain a competitive advantage and therefore stand out from other organizations (also in tenders).
ISO 27001 implementation
The basis of ISO 27001 is the implementation of an information security management system (ISMS). In it, you record, among other things, which controls you have implemented with regard to information security. Besides the technical aspect of information security, the role of people is central here. If you set up the system in accordance with ISO 27001, you can have its operation tested and certified by an independent body.
ISO 27001 certification costs
We are happy to perform the audit for you that is required to obtain the accredited certification. The costs of certification depend on several factors, for example the size (number of sites or FTEs) and complexity of your organization. As every organization is unique, we are happy to discuss your starting position with you and identify which steps (may) still need to be taken to be ready for certification. We can then make a customized certification proposal.
ISO 27001 is a management system standard. It states how an organization can set up its ISMS in a process-oriented way. This process must follow the PDCA cycle, and a risk analysis must be carried out. ISO 27002 extends it and discusses the ISO 27001 controls: it provides guidelines for implementing the requirements of ISO 27001 and contains examples and controls that help shape the risk analysis for your organization.
ISO 27001 and NEN 7510 share the same basis, but NEN 7510 is specific to organizations that process personal health information.
Read a more detailed article about the differences.
ISO 27001 is a global standard for information security in which the focus is on the implementation of an information security management system. ISO 9001 is a global quality management standard that focuses on the implementation of an internal quality management system.
The ISO 27000 series consists entirely of information security standards. ISO 27001 and ISO 27002 are the best-known standards in the family. Only ISO 27001 is certifiable. All other standards within the 27000 family are extensions of ISO 27001, often intended for fields or niche markets that need more specific controls. For example, there are extensions for cloud services (ISO 27017), network security (ISO 27033) and the healthcare sector (ISO 27799). All these standards can be found on the ISO or NEN website. You can see an overview of all standards on the ISO 27000 Wikipedia page.
A certificate is valid for three years and follows a three-year audit cycle. During these three years, surveillance audits take place to check whether the organization still meets the requirements of the standard. After three years, a recertification audit takes place and, if the result is positive, the certificate is renewed for another three years.
Read more in our extended article.