
Post on 12-Aug-2020


When Quality Matters

ISO/IEC 27001 INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION

BUILD A REPUTATION AS A COMPANY THAT KEEPS ITS INFORMATION SAFE WITH THE ISO/IEC 27001 CERTIFICATION

www.ccqm.ch

The ISO/IEC 27001 Information Security Management standard helps organizations to keep their information assets secure, by building an information infrastructure against the risks of loss, damage or any other threat.

Companies that certify their management system against ISO/IEC 27001 validate that the security of financial information, intellectual property, employee details, or information entrusted by third parties is being successfully managed and continually improved in accordance with widely accepted best practices and the standard’s framework.

BENEFITS OF ISO/IEC 27001 CERTIFICATION TO YOUR ORGANIZATION:

• Provides senior management involved in information security with an efficient management process
• Provides you with a competitive advantage due to customer trust and market share
• Reduces costs due to incident and threat minimization
• Demonstrated compliance with customer, regulatory and/or other requirements
• Sets out areas of responsibility across the organization
• Communicates a positive message to staff, customers, suppliers and stakeholders
• Integration between business operations and information security
• Alignment of information security with the organization’s objectives
• Seizing opportunities to put forward true value through enhancement of marketing

BENEFITS OF ISO/IEC 27001 CERTIFICATION TO YOUR CUSTOMERS:

• Keeps intellectual property and valuable information secure
• Provides customers and stakeholders with confidence in how you manage risk related to information security
• Secures exchange of information
• Ensures that you are meeting your legal obligations
• Manages and minimizes risk exposure
• Cost savings for rework, damages and waste

UNDERSTANDING THE CERTIFICATION PROCESS

ISO/IEC 27001 certification (also known as “registration”) is granted by a third-party, such as CCQM, upon verifying through an audit that the organization is in compliance with the requirements of the ISO/IEC 27001 standard. This certification is then maintained through scheduled annual surveillance audits by the registrar, with re-certification of the Information Security performed on a triannual basis.

• Step 1. Pre-Audit (Optional) - It must be done at least 3 months before Certification Audit
• Step 2. Audit Plan - Plan for audit has to be mutually agreed
• Step 3. Audit Stage 1 & 2 - Non-conformities must be closed at least 3 months after audit conclusions
• Step 4. Initial Certification - Certificate will be issued within 2 weeks after successful audit closing

Once certification has been obtained, the organization will be subjected to two surveillance audits within 24 months from the initial certification:

• Surveillance Audit Stage 1 - No longer than 12 months from the initial certification audit
• Surveillance Audit Stage 2 - No longer than 12 months from the 1st surveillance audit

WHY CHOOSE CCQM?

CCQM is a certification body for persons, management systems, and products on a wide range of international standards. As a global provider of training, examination, audit, and certification services, CCQM offers its expertise on multiple fields, including but not limited to Information Security.

We help organizations to show commitment and competence with internationally recognized standards by providing this assurance through the education, evaluation and certification against rigorous, internationally recognized competence requirements. With a global coverage of more than 200 partners in over 120 countries worldwide, our mission is to provide our clients comprehensive services that inspire trust, continual improvement, demonstrate recognition, and benefit society as a whole.

To find out how you can obtain the ISO/IEC 27001 certification, visit www.ccqm.ch/certification

[Figure: CCQM Certification Process. Panels: Pre-Audit (Facultative); Stage 1 Audit; Stage 2 Audit; Year 2 (Surveillance Audit); Year 3 (Surveillance Audit)]