Certified information security according to ISO 27001
Information technology systems have become an indispensable part of today's everyday business life. At the same time, however, the threat level from cyber attacks and data theft is constantly increasing.
With an ISO 27001 certified information security management system (ISMS), you ensure the availability, confidentiality and integrity of operational information, data and processes. You also identify and eliminate potential security risks and systematically and continuously optimize IT security within your company.
The internationally recognized ISO 27001 standard, which defines the requirements for the introduction, implementation, operation and improvement of an ISMS, serves as a guide. Successful certification to ISO 27001 therefore provides objective proof that you meet the information security requirements of the standard and that your IT systems and processes are secure and reliable.
Your benefits at a glance
- Sustainable protection of your information, data & business processes
- Reliable availability and continuous improvement of your IT systems & processes
- Risk minimization through systematic detection of vulnerabilities
- Establishment of control & steering mechanisms
- Cost reduction by optimizing inefficient processes, improving system availability and avoiding security incidents
- Proof of trustworthiness & compliance towards customers and business partners, and thus increased competitiveness
- Raising awareness among your employees for information security & data protection
- Fulfillment of internationally recognized requirements
- Reduction of insurance premiums & minimization of liability risks
Process of an ISO 27001 certification
Step by step to ISO 27001 certification: We accompany you through the entire certification process
Determination of certification readiness
Compliance with standard requirements, detection of non-conformities as well as ambiguities
Certification audit (level 1)
Document review, site assessment, determination of readiness for Level 2 audit
Certification audit (level 2)
Effectiveness testing, conformity to the standard, more intensive examination of documents, further audit methods
Successful certificate issue
Issuance of the ISO 27001 certificate upon fulfillment of all standard requirements
Surveillance audit
Takes place in each of the first and second years after successful certification
Recertification audit
Takes place 3 years after successful certification, extension of the validity period of the certificate
ISO 27001 audits
Independently of our certification services, we also offer GAP analyses and internal audits in accordance with ISO 27001, which can help you identify potential weaknesses in your ISMS.
All about ISO 27001 certification: standard, requirements & conditions
ISO 27001 certification provides objective proof that companies operate an effective information security management system (ISMS) that provides the best possible protection for their operational information, data and systems against hacker attacks and data loss.
Certification is based on the internationally leading ISO 27001 standard, which is aimed at private and public companies as well as non-profit institutions and provides them with systematic guidelines for planning, implementing, monitoring and improving an ISMS. The standard not only relates to IT processes, but also takes into account aspects of the infrastructure such as organization, personnel and buildings. ISO 27001 is structured according to the PDCA cycle (Plan-Do-Check-Act) and thus pursues a holistic, step-by-step and quality-oriented improvement of information security.
Frequently asked questions:
What are the requirements for ISO 27001 certification?
The central requirement of the standard and thus the basic prerequisite for certification according to ISO 27001 is the successful introduction of an ISMS. In addition, companies should have established an effective risk management system that addresses the assessment and treatment of existing and potential security risks (risk analysis strategy).
The normative main part of ISO 27001 is decisive for certification and comprises the following chapters and requirements:
- Context of the organization: defining the specific scope of the ISMS; conducting a requirements & environment analysis.
- Leadership & Commitment: requirements for organizational leadership responsibility; roles, responsibilities & authorities in the organization; corporate policy.
- Planning: measures to address risks & opportunities; establishing information security objectives and planning how to achieve them.
- Support: requirements to ensure ISMS effectiveness (resources, competencies, security awareness, communication, documented information).
- Operations: operational planning & control; regular risk assessment & treatment.
- Performance evaluation: monitoring, measurement, analysis & evaluation of measures and achievement of objectives; internal audits; management review.
- Improvement: non-conformance & corrective actions; continuous improvement of the ISMS.
In addition, the controls from the normative Annex 1 must be observed or implemented.
Since the fundamental requirement for ISO 27001 certification is the implementation of an ISMS, this is preceded by many preparatory activities on the customer side.
These include, among others:
- Determination of the concrete area of application (scope)
- Definition of an information security policy & information security objectives
- Development of measures to deal with risks & opportunities
- Development of a risk assessment & risk handling methodology
- Development of a Statement of Applicability
- Determination of roles, responsibilities & authorities in the organization
- Preparation of an inventory of assets
How long does ISO 27001 certification take?
The duration of an ISO 27001 certification depends on various factors such as the size of your company (number of locations and employees), the complexity of the processes or the internal capacities. Therefore, this question cannot be answered in a general way. However, one thing is certain: the larger and more complex your company is, the more time it will take to achieve ISO 27001 certification.
For a more detailed assessment, please feel free to contact us.
How long is the ISO 27001 certificate valid?
The certificate is valid for a maximum of 3 years.
In the first and second year after successful certification, a surveillance audit is performed. After three years, a recertification audit is carried out to check whether the requirements for extending the certificate are still met.
What does ISO 27001 certification cost?
The costs for ISO 27001 certification vary depending on the size and situation of the company. The decisive factor is the number of days required for the two certification audits. While smaller and medium-sized companies usually require fewer days, larger companies and corporate groups should plan accordingly for more time and budget.
We would be happy to provide you with an individual quote for this.
How do ISO 27001 and the GDPR relate to each other?
ISO 27001 and the GDPR overlap in many areas. For example, both address the goal of ensuring the confidentiality, availability and integrity of data, and both follow a risk-based approach. However, the GDPR has a broader scope, so companies can simplify compliance with the GDPR through ISO 27001 certification, but cannot cover it completely.
You have questions? We are pleased to help!