Information security – and with it ISO 27001 certification – is very much in the spotlight. Organizations are increasingly dealing with confidential and/or privacy-sensitive data. It is essential that this information does not leak out or get left around. But how do you, as an organization, ensure that you take the right control measures to prevent this? And how do you show customers, suppliers and other stakeholders that you have taken these measures? ISO 27001 certification is the solution.

ISO 27001 standard

The ISO 27001 standard is the worldwide standard for information security. The basis for this is the implementation of an information security management system. In this document you lay down, among other things, which implementation and management of controls you have carried out in the area of information security. Alongside the technical aspect of information security, the role of people – both inside and outside the organization – is central. If you set up the system in accordance with the ISO 27001 standard and have its operation tested and certified by an independent party, you demonstrate to your customers in a simple, transparent and globally accepted manner that information security is being implemented properly in your organization. So your customers have peace of mind when doing business with you. It’s not surprising that ISO 27001 certification is a common requirement in tenders.

ISO 27001 certification

We would like to carry out for you the audits required to obtain an ISO 27001 certificate. Because every organization is unique, we would be happy to discuss your starting position with you and identify any steps which still need to be taken to be ready for certification. We then draw up a tailor-made certification proposal for you. The cost of ISO 27001 certification depends on various factors, such as the size and complexity of your organization.

What is the difference between ISO 27001 and ISO 27002?

ISO 27001 is a management system standard which sets out how an organization can set up its ISMS in a process-oriented way. This process must comply with the PDCA cycle and a risk analysis must be carried out. ISO 27002 is an extension of ISO 27001. It provides guidance on how to meet the requirements of ISO 27001. ISO 27002 contains examples and measures to shape the risk analysis for your organization.

The other standards of the ISO 27000 family

The ISO 27000 series are all standards for information security. ISO 27001 and ISO 27002 are the best-known standards in the series. ISO 27001 is the only one for which certification can be obtained. All the standards after 27001 are extensions to ISO 27001 and most of them are intended for fields/niche markets that require more specific measures. For example, there are extensions for cloud services (ISO 27017), network security (ISO 27033) and the healthcare sector (ISO 27799). All these standards can be found on the websites of ISO and NEN. An overview of all the standards can be found on the ISO 27000 wikipedia page.

ISO 27701 for privacy

ISO 27701  is also an extension of the ISO 27001 standard for information security, but provides specific privacy controls. The purpose of this standard is to provide organizations with a practical framework with which they can extend the existing ISMS to become a PIMS (Privacy Information Management System).