ISO 27001 FAQ
What is ISO 27001?
ISO 27001 is an International standard that provides the requirements for establishment, implementation, maintenance and continual improvement of anInformation Security management system.
What is Information Security Management System ?
An Information Security Management System(ISMS) is the part of an organization's management system that consists of a set of policies, objectives and procedures to ensure that the organization's information is kept secure, to manage & minimize the risk and ensure business continuity by pro-actively minimizing the impact of a security breach.
Can only IT Companies get certified for ISO 27001 ?
No. Not necessarily. Any Organization handling a huge amount of information and seeks to protect sensitive data can get certified for ISO 27001. Apart from IT Companies, even Banks, Visa Offices, Chartered Accountant firms, and other industries which needs to protects its sensitive data from unauthorized disclosure, falsification, misuse, disclosure, modification – can get certified to ISO 27001.
Which is the latest version of ISO 27001 ?
The latest version of ISO 27001 is ISO 27001:2013, which was published by ISO in October2013.
What are the advantages of implementing ISO 27001Information Security Management System ?
What is a Certification Body ? A Certification body is an authority to provide third party certification for the various ISO standards to which it is accredited. Certification is through formal audits conducted by the Certification bodies on the organization/institution seeking ISO certification.Some World famous Certification bodies include BSI (British Standards Institution), Bureau Veritas Certification, TÜV Nord, TÜV Rheinland, TÜV SUD, TÜV Intercert, TŪV Austria, etc.
What is Accreditation? What is an Accreditation Body ?
Accreditation is a process by which a certification body is certified to be competent to issue ISO Certificate to businesses. Accreditation adds value to your ISO certificate. Accreditation assures users of the competence and impartiality of the body accredited.
An Accreditation body provides Accreditation to a Certification Body.
Some of the popular Accreditation bodies are UKAS (United Kingdom Accreditation Service) from the United Kingdom, DAkks (Deutsche Akkreditierungsstelle GmbH) from Germany, ANAB (ANSI-ASQ National Accreditation Board) from the United States, JAS-ANZ (Joint Accreditation System of Australia and New Zealand), DAC (Dubai Accreditation Center) from the United Arab Emirates.
So, as an Organization / Institution seeking Certification can ask for an accreditation that is suitable for them.
ISO 27001 certificate is valid for how many years ?
Upon successful completion of the ISO documentation audit and ISO Implementation audit, the certification body issues the ISO 27001 certificate for 3 years. After certification, there will be a surveillance audit each at the end of the first and second years. The next year will be the Re-certification audit.
We are only two people in our organization. Can we get ISO 27001certified?
Yes as long as you handle loads of data and wish to protect it. ISO 27001 Certification can be obtained irrespective of the size of an organization starting from 2 to thousands of people. Let your industry be a tiny, micro, small scale, medium scale, large scale or a very large scale. The same clauses apply.The only difference is that for an organization of lesser size, the implementation can be quicker and easier than that of a large sized organization.
What will be the costs involved?
Here there are two costs involved. One is the cost of consultancy (for which you can call us at 9379917239 or email us at email@example.com). The second cost is that of Certification. This cost depends on the Certification body and the value it offers. Generally, there is a cost of Initial Certification that needs to be paid before Certification Audits. Once successfully certified, there will be a surveillance audit costs at the end of first and second years each respectively. This is followed by re-certification cost for the third year. We offer a total package of consultancy and certification to enable our client to get service as a single stop solution.
How long it takes for ISO 27001Consultancy and Certification?
It generally depends on the commitment of Top Management and other personnel in an organization, number of processes, size of the organization, etc. Normally for an organization with less than 10 people, it might take 3 months’ time to consult and a month’s time for certification. Of course, this is just an approximation while the real time frame depends on the extent of client cooperation, dates availability of the certification body, etc.