ISO 27001 certification: ISMS certification according to ISO/IEC 27001

Certified information security according to ISO 27001

Information technology systems have become an indispensable part of everyday business life. At the same time, the threat from cyber attacks and data theft is constantly increasing.

With an ISO 27001 certified information security management system (ISMS), you ensure the availability, confidentiality and integrity of operational information, data and processes. You also identify and eliminate potential security risks and systematically and continuously optimize IT security within your company. 

The internationally recognized ISO 27001 standard, which defines the requirements for the introduction, implementation, operation and improvement of an ISMS, serves as a guide. Successful certification to ISO 27001 therefore provides objective proof that you meet the information security requirements of the standard and that your IT systems and processes are secure and reliable.

Your benefits at a glance

  • Sustainable protection of your information, data & business processes 
  • Reliable availability and continuous improvement of your IT systems & processes
  • Risk minimization through systematic detection of vulnerabilities
  • Establishment of control & steering mechanisms
  • Cost reduction by optimizing inefficient processes, improving system availability and avoiding security incidents
  • Proof of trust & compliance to customers and business partners and thus increase competitiveness
  • Sensitization of your employees to the topics of information security & data protection
  • Fulfillment of internationally recognized requirements
  • Reduction of insurance premiums & minimization of liability risks

Process of an ISO 27001 certification

Step by step to ISO 27001 certification: We accompany you through the entire certification process

  • Determination of certification readiness: compliance with standard requirements, detection of non-conformities as well as ambiguities
  • Certification audit (level 1): document review, site assessment, determination of readiness for the level 2 audit
  • Certification audit (level 2): effectiveness testing, conformity to the standard, more intensive examination of documents, further audit methods
  • Successful certificate issue: issuance of the ISO 27001 certificate upon fulfillment of all standard requirements
  • Surveillance audit: takes place in each of the first and second years after successful certification
  • Recertification audit: takes place 3 years after successful certification, extension of the validity period of the certificate

ISO 27001 audits

Independently of our certification services, we also offer GAP analyses and internal audits in accordance with ISO 27001, which can help you identify potential weaknesses in your ISMS.

All about ISO 27001 certification: standard, requirements & conditions

ISO 27001 certification provides objective proof that companies operate an effective information security management system (ISMS) that provides the best possible protection for their operational information, data and systems against hacker attacks and data loss.

The certification is based on the internationally leading ISO 27001 standard, which is aimed at private and public companies as well as non-profit institutions and provides them with systematic guidelines for planning, implementing, monitoring and improving an ISMS. The standard not only relates to IT processes, but also takes into account aspects of the infrastructure such as organization, personnel and buildings. ISO 27001 is structured according to the PDCA cycle (Plan-Do-Check-Act) and thus pursues a holistic, step-by-step and quality-oriented improvement of information security.

Frequently asked questions:

What are the requirements for ISO 27001 certification?

The central requirement of the standard and thus the basic prerequisite for certification according to ISO 27001 is the successful introduction of an ISMS. In addition, companies should have established an effective risk management system that addresses the assessment and treatment of existing and potential security risks (risk analysis strategy).

What are the requirements of ISO 27001 certification?

The normative main part of ISO 27001 is decisive for certification and comprises the following chapters and requirements:

  • Context of the organization: defining the specific scope of the ISMS; conducting a requirements & environment analysis.
  • Leadership & Commitment: requirements for organizational leadership responsibility; roles, responsibilities & authorities in the organization; corporate policy.
  • Planning: measures to address risks & opportunities; establishing information security objectives and planning how to achieve them.
  • Support: requirements to ensure ISMS effectiveness (resources, competencies, security awareness, communication, documented information).
  • Operations: operational planning & control; regular risk assessment & treatment.
  • Performance evaluation: monitoring, measurement, analysis & evaluation of measures and achievement of objectives; internal audits; management review.
  • Improvement: non-conformance & corrective actions; continuous improvement of the ISMS.

In addition, the controls from the normative Annex 1 must be observed or implemented.

How do I prepare for ISO 27001 certification?

Since the fundamental requirement for ISO 27001 certification is the implementation of an ISMS, this is preceded by many preparatory activities on the customer side.

These include, among others: 

  • Determination of the concrete area of application (scope)
  • Definition of an information security policy & information security objectives 
  • Development of measures to deal with risks & opportunities
  • Development of a risk assessment & risk handling methodology
  • Development of an applicability statement
  • Determination of roles, responsibilities & authorities in the organization
  • Preparation of an inventory of assets

How long does ISO 27001 certification take?

The duration of an ISO 27001 certification depends on various factors such as the size of your company (number of locations and employees), the complexity of the processes or the internal capacities. Therefore, this question cannot be answered in a general way. However, one thing is certain: the larger and more complex your company is, the more time it will take to achieve ISO 27001 certification.

For a more detailed assessment, please feel free to contact us. 

What is the validity of an ISO 27001 certification?

The certificate is valid for a maximum of 3 years.

In the first and second year after successful certification, a surveillance audit is performed. After three years, a recertification audit is carried out to check whether the requirements for extending the certificate are still met. 

What are the costs of ISO 27001 certification?

The costs for ISO 27001 certification vary depending on the size and situation of the company. The decisive factor is the number of days required for the two certification audits. While smaller and medium-sized companies usually require fewer days, larger companies and corporate groups should plan accordingly for more time and budget.

We would be happy to provide you with an individual quote for this. 

Does ISO 27001 certification also meet the requirements of the GDPR?

ISO 27001 and the GDPR overlap in many areas. For example, both address the goal of ensuring the confidentiality, availability and integrity of data, and both follow a risk-based approach. However, the GDPR has a broader scope, so companies can simplify compliance with the GDPR through ISO 27001 certification, but not cover it completely.

Why we are a strong partner for you

Expertise

Licensed and experienced ISMS auditors: We have extensive experience in the field of ISO 27001 from over 700 projects.

Industry experience

Thanks to many years of experience in different branches of industry, we can serve companies from a wide range of sectors.

Tailor-made for you

We focus on individual services and solutions that optimally fit your current company situation and your set goals.

International network of experts

Around the globe: We have a global network of experts that enables us to provide national as well as international services.

Independence

Our employees are not subject to any conflicts of interest, as they are not committed to any product suppliers, system integrators, stakeholders, interest groups or government agencies.

You have questions? We are pleased to help!

Further services

IT-Grundschutz

With a certification under ISO 27001 based on the “BSI IT-Grundschutz” standard, you show your customers and business partners the importance you associate with IT security, since the level of your information security fulfills the requirements of the BSI.

ISMS for the Energy Industry

TÜViT supports grid operators with the rollout of their ISMS according to ISO 27001, taking into account ISO 27019.

Audits according to the BSI C5 Catalog

Are you a cloud service provider looking for an objective assessment of your current cloud infrastructure? We offer audits according to the BSI C5 Catalog.