Achieve ISO 27001 Certification with support from Assent, the Risk Management Consultants. We can help you implement an Information Security Management System that’s effective for your organisation, embedding good practice into your operations and helping you achieve Certification with a UKAS accredited body.
What is ISO 27001 Certification?
The ISO 27001 Certification mark has become a recognised sign of Information Security best practice and can be found on websites and marketing materials for a wide range of companies who handle information.
ISO 27001 Certification from a UKAS accredited body demonstrates that your Information Security Management System has been independently audited and found to be effective in meeting the requirements of the Standard.
While achieving Certification is not a declaration that the organisation is completely ‘risk free’, it does provide assurance that there is a framework for controlling risks and managing incidents, should they occur.
ISO 27001 Certification is also often mistaken for certification of a particular product or software application. In fact, it is a Management System Standard and is therefore applied to the management processes of the organisation.
However, the scope of the system can be defined to include the development and operation of the organisation’s ‘products’.
Finding ISO 27001 Certification Bodies
There are many different Certification Bodies available, each with different specialities and pricing.
We recommend using UKAS accredited ISO 27001 Certification Bodies, as this provides the impartiality needed to ensure effective auditing of your system.
Assent can guide you through the process of selecting the right Certification Body for you, and help you to manage a tender process between several bodies.
How long does ISO 27001 Certification take?
While the process of implementing and embedding an ISO 27001 Management System can vary in time, ISO 27001 Certification can be achieved relatively quickly.
It’s important to ensure your organisation is ready for Certification before proceeding. This means having at least 3 months of evidence and records to show the Management System has been operating.
Certification then takes place in two Stages.
Stage 1 is a ‘document check’ and has been designed to ensure that mandatory requirements are in place. During the Stage 1 audit, it is less likely that the Auditor will test the process of the Management System. The Stage 1 Audit provides an opportunity to understand how an organisation has built its system and to plan for Stage 2.
Stage 2 is usually a longer Audit and involves the Auditor looking for objective evidence that the ISO 27001 Management System is operating effectively. That can include things like training records, incident reports, supplier reviews, backup logs and so on.
Most ISO 27001 Certification Bodies apply a maximum time limit between Stage 1 and Stage 2 Audits to ensure no major changes happen in between.
How can Assent help?
Our business is to support clients in implementing effective ISO 27001 Information Security Management Systems and, ultimately, achieving Certification.
We can do this in a number of ways including managing a full implementation project, providing a gap analysis report or remote support through our service desk and supporting materials.
We can help you select the right ISO 27001 Certification Body for your organisation and attend the Certification Audits to keep everything on track.