ISO 27001 - Information Security Management

Attributes

Name: ISO 27001 Assurance Program

Criteria: ISO 27001:2013 and Client Charter

Market: All organisations utilising information technology

Scope: International

Output: Certificate of Confidence

Validity: 3 years, subject to on-going requirements

Outcome: Certification gives confidence to the organisation, its customers, regulators and/or other interested parties in the ability to effectively manage information security.


Why ISO 27001?

ISO 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The adoption of an ISMS is a strategic decision for an organisation. The establishment and implementation of an ISMS is influenced by the organisation’s needs and objectives, security requirements of interested parties, the processes used and the organisational size and structure maintained, all of which can change over time.

A sound ISMS and Statement of Accountability preserve the confidentiality, integrity and availability of information by applying a risk management process. Formal certification to the ISO 27001 international standard gives confidence to interested parties that the security risks of sharing their information with a service provider are adequately managed.

Benefits of ISO 27001 Certification

  • Data Integrity - ISO 27001 certification means that a business has constructed an information security management framework that allows data to be organised, protected, and accessed only by authorised personnel.

  • Efficient Business Operations - With an ISO 27001 certified information management system, data analysis and visualisation are made easier. This allows for evidence-based management decisions for the continual improvement of operations.

  • Proof of Commitment - Certification demonstrates to your stakeholders that your organisation prioritises the security and confidentiality of the data entrusted to it.

  • Competitive Advantage - Any company can claim that they have strong data protection systems in place, but not everyone can back it up with an ISO 27001 certification.

How do I get Certified?

As an organisation, the steps involved for you are:

1.     Applying for certification:

Review and accept our customised Proposal, and you’re underway!

2.     Achieving certification:

Firstly, a pre-certification audit or “test run” will be conducted either on-site (at your premises) or off-site (at our premises) or both, to see whether your food safety processes are suitable. Areas of concern will be reported. Once concerns have been actioned, an on-site certification audit will be conducted, where we will examine the extent to which you address the program criteria. Areas of concern will be reported. Once we are satisfied there are no outstanding issues that present an unacceptable risk to you, your customers, regulators, Equal Assurance or others, we can proceed to issue a Certificate of Confidence. Well done!

3.     Maintaining certification:

Depending on the level of risk, and/or whether you are transferring from another provider, we will conduct a series of surveillance audits (and in some cases special and follow-up audits) and triennial re-certification audits, to examine the extent to which you continue to address the program criteria. Areas of concern will be reported. So long as we continue to be satisfied there are no outstanding issues that present an unacceptable risk to you, your customers, regulators, Equal Assurance or others, your certification remains valid.

Your next step:

Further details regarding the specific requirements of ISO 27001 and other certification services are provided in our 'Equal Assurance' Client Charter. This and other relevant documentation are available by contacting EQAS Certification on +61 8 83382771, and we can prepare a Proposal at no cost. If you already have a proposal, simply contact us with any query.


EQAS Certification is a practice member of 'Equal Assurance', a world-wide confederation of independent certifying auditor practices and accredited partners that provides a range of JAS-ANZ accredited management system assurance programs and certifications across Australia, New Zealand, and overseas.