Certification according to ISO 27001 on the basis of IT basic protection
What should be reached?
The information security management system established in the enterprise according to ISO / IEC 27001 on the basis of an IT basic protection is to be certificated.
The examination of the observance from ISO 27001 as well as from IT basic protection occurs through one of the Federal Offices for Security in the Information Technology (BSI) licensed auditor. The examination encloses a document check as well as a conversion check of the necessary IT security on site.
An ISMS of an enterprise can be certificated directly. However, the enterprise can also approach gradually the ISO 27001 certificates. This is to be recommended, above all, when the expenditure seems too high for a direct certification, nevertheless, a process of information security should be set up in the enterprise.
How do we proceed?
If you have resolved to let certificate the information security management system of your enterprise, you can instruct us as licensed ISO 27001 auditors. During an independent check we will check the conversion of the requirements according to certification procedure and recommend the issue of the certificate in the case of success.
Before the beginning of an audit the entire certification application must be handed in to the certification authority of the BSI. The application contains information of the applicant and a description of the investigation object as well as a declaration of independence of the auditor.
As next the realisation of the audit occurs in two partial steps:
- Sighting and check of the authoritative documents presented by the enterprise (IT-Security Policy, assessing the need of protection, results of base security cheques, risk analyses etc.).
- On site check in the enterprise and random checks investigations of the conversion of the documented circumstances.
Recognised defects in the document check or the on site check can be resolved within a term defined by the auditor.
In the case of a positive test result the auditor sends the audit report to the BSI. The certification authority of the BSI checks the audit report for completeness, traceability and reproducibility of the test results. After positive end of the test process the BSI issues an ISO 27001 certificate.
|What can you expect?|