ePrivacy advises companies and public authorities on the implementation of information security management systems (ISMSs). Certification in accordance with the international ISO 27001 standard can be carried out by accredited ePrivacy experts.
What is ISO 27001?
ISO 27001 is an internationally recognized standard that codifies the requirements to be met by ISMSs using a process approach, taking into account the IT risks specific to the individual organization. The standard describes requirements governing the establishment, implementation, maintenance and continual enhancement of ISMSs.
ISO 27001 provides a basis for obtaining internationally recognized and very comprehensive certification. To this end, risk analyses are carried out and technical and organizational measures are implemented, among other things.
The certification process in accordance with ISO 27001
The certification process is a continuous one which calls for the active involvement of the companies in question. This process is made up of four phases. The various phases together form one PDCA (Plan – Do – Check – Act) cycle.
The difference between ISO 27001 and ISO 27002
While ISO 27001 merely describes the requirements to be met by an ISMS, ISO 27002 provides guidelines and general criteria for the introduction, implementation, maintenance and improvement of information security management systems within organizations. The international code of practice for information security management comprises:
- Instructions and guidelines on information security
- Organizational security measures and management processes
- Staff safety
- Responsibility for and classification of informational data
- Access controls
- Physical safety and public services
- Operational safety
- Network security
- System development and maintenance
- Provider relationships
- Handling of security incidents
- Emergency plans
- Compliance with legal requirements and security guidelines and conduct of audits
Where ISO 27001 certification is obtained, ePrivacy can assist you in meeting the ISO 27002 criteria.
What are the advantages for you of obtaining ISO 27001 certification?
In addition to increasing the efficiency of the systems in place within your company, obtaining certification builds trust among your customers and business partners, as it attests to the careful and responsible handling of information. ISO 27001 certification constitutes official evidence of data security. As such, it not only gives you a competitive advantage in tenders for the award of contracts, it is increasingly a fundamental condition of eligibility for participating in such procedures.
Please contact us if you would like to find out more about our ISO 27001 advisory and certification services, without obligation.