ISO/IEC 27001 INFORMATION SECURITY …...The ISO/IEC 27001 Information Security Management standard...
When Quality Matters
ISO/IEC 27001 INFORMATION SECURITY MANAGEMENT SYSTEM CERTIFICATION
BUILD A REPUTATION AS A COMPANY THAT KEEPS ITS INFORMATION SAFE WITH THE ISO/IEC 27001 CERTIFICATION
www.ccqm.ch
The ISO/IEC 27001 Information Security Management standard helps organizations to keep their information assets secure, by building an information infrastructure against the risks of loss, damage or any other threat.
Companies that certify their management system against ISO/IEC 27001 validate that the security of financial information, intellectual property, employee details, or information entrusted from third parties is being successfully managed and continually improved in accordance with widely accepted best practices and the standard’s framework.
BENEFITS OF ISO/IEC 27001 CERTIFICATION TO YOUR ORGANIZATION:
• Provides senior management involved in information security with an efficient management process
• Provides you with a competitive advantage due to customer trust and market share
• Reduces costs due to incident and threat minimization
• Demonstrated compliance with customer, regulatory and/or other requirements
• Sets out areas of responsibility across the organization
• Communicates a positive message to staff, customers, suppliers and stakeholders
• Integration between business operations and information security
• Alignment of information security with the organization’s objectives
• Seizing opportunities to put forward true value through enhancement of marketing
BENEFITS OF ISO/IEC 27001 CERTIFICATION TO YOUR CUSTOMERS:
• Keeps intellectual property and valuable information secure
• Provides customers and stakeholders with confidence in how you manage risk related to information security
• Secures exchange of information
• Ensures that you are meeting your legal obligations
• Manages and minimizes risk exposure
• Cost savings for rework, damages and waste
UNDERSTANDING THE CERTIFICATION PROCESS
ISO/IEC 27001 certification (also known as “registration”) is granted by a third-party, such as CCQM, upon verifying through an audit that the organization is in compliance with the requirements of the ISO/IEC 27001 standard. This certification is then maintained through scheduled annual surveillance audits by the registrar, with re-certification of the Information Security performed on a triannual basis.
• Step 1. Pre-Audit (Optional) - It must be done at least 3 months before Certification Audit
• Step 2. Audit Plan - Plan for audit has to be mutually agreed
• Step 3. Audit Stage 1 & 2 - Non-conformities must be closed at least 3 months after audit conclusions
• Step 4. Initial Certification - Certificate will be issued within 2 weeks after successful audit closing
Once certification has been obtained, the organization will be subjected to two surveillance audits within 24 months from the initial certification:
• Surveillance Audit Stage 1 - No longer than 12 months from the initial certification audit
• Surveillance Audit Stage 2 - No longer than 12 months from the 1st surveillance audit
WHY CHOOSE CCQM?
CCQM is a certification body for persons, management systems, and products on a wide range of international standards. As a global provider of training, examination, audit, and certification services, CCQM offers its expertise on multiple fields, including but not limited to Information Security.
We help organizations to show commitment and competence with internationally recognized standards by providing this assurance through the education, evaluation and certification against rigorous, internationally recognized competence requirements. With a global coverage of more than 200 partners in over 120 countries worldwide, our mission is to provide our clients comprehensive services that inspire trust, continual improvement, demonstrate recognition, and benefit society as a whole.
To find out how you can obtain the ISO/IEC 27001 certification, visit www.ccqm.ch/certification
[Figure: CCQM Certification Process. Labels shown: Pre-Audit (Facultative), Stage 1 Audit, Stage 2 Audit, Year 2 (Surveillance Audit), Year 3 (Surveillance Audit)]