ISO 27001: 2013 Information Security Management System

Posted on 29-Feb-2020

Page 1: ISO 27001: 2013 Information Security Management System

ISO 27001 (Information Security Management Systems) is a standard that enables organisations to manage all types of information so as to ensure the confidentiality, integrity and availability of that information. The international standard specifies requirements for establishing, implementing, maintaining and continually improving information security management in organisations. Certification to this standard demonstrates, through an independent expert assessment, whether the organisation's information and data are adequately protected.

FOR WHOM? An ISMS can be applied to any business in any industry for the day-to-day management of security risks to the information that the organisation's business processes create, store or transmit.

WHY IMPLEMENT AN ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM IN YOUR ORGANISATION?

It allows the organisation to demonstrate that it manages information through risk-based assessment and treatment of information security risks.

It helps the organisation coordinate information security whether the information is managed electronically or manually.

It demonstrates to the organisation's potential customers that it takes the security of their personal and business information seriously.

Cost reductions from avoiding security incidents by proactively implementing controls.

ISO 27001: 2013 Information Security Management System

An ISMS is a globally recognised framework of proven procedures for information security governance, risk and compliance.

socotec-certification-international.com

Page 2

Optional: Pre-assessment audit. We can provide an independent pre-assessment of your management system (MS) before and/or after the commencement of the Stage 1 audit of the initial assessment process.

Stage 1 audit. First, we gain an understanding of your business to assess whether your documented policy, objectives, continual improvement plans and procedures meet the requirements of the MS standard. The readiness of your implementation programme is also assessed. (For GDPMDS certification, this audit is combined with the Stage 2 audit.)

Stage 2 audit. Then we audit your MS in action, to check that your declared policy, objectives and targets have been effectively communicated, and that your continual improvement plans and procedures are working in practice. Certification is then awarded after successful closure of any outstanding issues.

Surveillance audit. After you have achieved certification, we undertake regular ongoing audits of your MS to ensure that it is being maintained and that it continues to meet the objectives of your organisation and the expectations of your customers.

Re-certification audit. The certificate is valid for 3 years. A re-certification audit is conducted on the full MS before the expiry of the certificate.

MANAGEMENT SYSTEM CERTIFICATION AUDITING PROCESS

Certification process (flowchart):

1. Complete and submit the application form.
2. Receive quotation.
3. Return acceptance form.
4. On-site Stage 1 readiness audit.
   Decision: Has the MS been established to justify proceeding to the Stage 2 audit?
   NO: address the gaps identified.
   YES: ready for Stage 2 audit.
5. On-site Stage 2 audit undertaken.
   Decision: Does the MS implementation meet the standard's requirements?
   NO: implement actions and submit for review; nonconformities corrected and corrective action submitted for review.
   OK: auditor's recommendation reviewed.
6. Certification awarded.
7. Ongoing surveillance**.

* No contractual

** The ongoing surveillance is governed by the contract issued during the initial audit.