ISO 27001 is the leading global standard for information security. With an ISO 27001 certification, you demonstrate that you meet the requirements of ISO 27001 for information security.

Below, we explain ISO 27001 certification. Would you like to make an appointment with one of our experts to have your questions about certification and the audit cycle answered directly? Then contact us on +31 (0)73 220 2030 or schedule an online introduction.

The benefits of ISO 27001 certification

  • Is ISO 27001 certification mandatory? Certification is not mandatory; however, clients sometimes demand ISO 27001 certification, or it is requested in tenders. Holding a certificate gives your customers assurance, and it is your proof that you comply with the ISO requirements for information security.
  • Optimization of your processes, with cost savings through greater efficiency.
  • A competitive advantage that distinguishes you from other organizations (also in tenders).

Starting up ISO 27001 certification

  1. Purchase the current version of the ISO 27001 standard.
  2. Implement an information security management system (ISMS) and document your policies, agreements and procedures in it.
  3. Verify through an internal audit that the system is implemented and operating as intended before the certification audit.

ISO 27001 implementation

The basis of ISO 27001 is the implementation of an information security management system. In it, you record, among other things, which controls you have implemented for information security. Besides the technical side of information security, the role of people is central here. If you set up the system in accordance with ISO 27001, you can have its operation tested and certified by an independent body.

ISO 27001 certification costs

We are happy to perform the ISO 27001 audit that is required to obtain an accredited certificate. The costs of ISO 27001 certification depend on several factors, for example the size (number of sites or FTEs) and complexity of your organization. As every organization is unique, we are happy to discuss your starting position with you and identify which steps (may) still need to be taken to be ready for certification. We can then make a customized certification proposal.


More information

FAQ

What is the difference between ISO 27001 and ISO 27002?

ISO 27001 is a management system standard. It states how an organization sets up its ISMS in a process-oriented way, following a continual-improvement (Plan-Do-Check-Act) cycle, and it requires a risk assessment to be carried out. ISO 27002 supports ISO 27001: it provides implementation guidance for the controls listed in Annex A of ISO 27001. ISO 27002 therefore contains the controls, with examples, from which you select measures to treat the risks identified in your risk assessment. Only ISO 27001 is a standard you can be certified against; ISO 27002 is guidance.

What is the difference between ISO 27001 and NEN 7510?

The basis of both standards is the same. NEN 7510 is specific to organizations that process personal health information. This standard adds 3 controls and supplements 33 existing controls with a healthcare-specific requirement.

Read a more detailed article about the differences.

What is the difference between ISO 27001 and ISO 9001?

ISO 27001 is the global standard for information security, focused on implementing an information security management system. ISO 9001 is the global quality management standard, focused on implementing a quality management system.

What other standards does the ISO 27000 family have?

The ISO 27000 series consists of information security standards. ISO 27001 and ISO 27002 are the best-known standards in the family. ISO 27001 is the standard against which organizations are certified; the other standards in the family are supporting guidance and sector- or topic-specific extensions of it. These extensions are often meant for fields or niche markets that need more specific controls. For example, there are extensions for cloud services (ISO 27017), network security (ISO 27033) and the healthcare sector (ISO 27799). All these standards can be found on the ISO or NEN website. You can see an overview of all standards on the ISO 27000 Wikipedia page.

How long is the validity period of an ISO 27001 certificate?

An ISO 27001 certificate is valid for three years and runs in a three-year cycle. During these three years, surveillance audits (usually annual) take place to check whether the organization still meets the requirements of the ISO 27001 standard. After three years, a recertification audit takes place and, if the result is positive, the certificate is renewed for another three years.

Read more in our extended article.