ISO 27001:2013

Information Security Management Systems


ISO 27001:2013 – Information Technology – Security Techniques

This International Standard provides guidance and specifies requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS) within your business.

It is part of the ISO 27000 Family of Standards.

Why has the Standard been developed?

The ISO 27001:2013 Standard is all about preserving and protecting the confidentiality, integrity and availability of information by applying a risk management process, and about giving interested parties confidence that risks are adequately managed.

The ISO 27001 Standard’s core aspects are the protection, confidentiality and integrity of information.

The Information Security Management Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.


What are the benefits of the ISO 27001 Standard for your business?

  • REDUCED COSTS: by implementing an effective ISMS you eliminate information security incidents and breaches, and hence the time and costs related to correcting them.

  • BUSINESS GROWTH: the opportunity to grow and innovate your business with the knowledge that confidential information is protected.

  • IMPROVED BUSINESS MANAGEMENT: through planning, implementation and control of the processes needed to meet information security requirements.

  • GREATER COMPETITIVE ADVANTAGE: the ISMS Certification could be the point of difference that wins your next contract.

  • WIDER MARKET POTENTIAL: the ISMS Certification could meet more tender pre-qualification requirements.

  • REPUTATION: show your customers and other key stakeholders that information security is a paramount element of your business operations.

  • PROMOTES INTERNATIONAL TRADE: once ISO 27001 Certification is achieved.

  • LEGAL COMPLIANCE: Certification to the Standard demonstrates an effective framework for monitoring legal requirements and evaluating compliance.

  • STAKEHOLDER TRUST: Certification gives your customers and stakeholders confidence that the established ISMS will protect and preserve their data.

  • REDUCED BUSINESS RISK: by conducting information security risk assessments at planned intervals and implementing information security risk treatment plans.

What types of businesses will benefit from Certification to the ISO 27001:2013 Standard?

Information Security is an essential component of the successful operation of any business in the growing world of technology. Any business that wants to protect and preserve its information by implementing an effective Information Security Management System will benefit from implementing the Standard.

ISO 27001 Certification will ensure that important data and confidential information is protected, by verifying that a systematic method of managing confidential information is in place and effective.

The requirements of ISO 27001 can be tailored to apply to the business’ size, type, needs and existing information management processes. It helps to identify the risks to the important information and put in place the appropriate controls to help reduce the risk.


How the ISO 27001 Information Security Certification Process Works

ISO Certification Experts is not an Accredited Certification Body. We do not conduct Third Party Audits to achieve ISO 27001 Certification to the requirements of the Information Security Management Standard. Our role is to assist you in ISO Certification Readiness and Business Process Improvement.

Your ISO Certification Audits will be conducted by a Certification Body Auditor.

All ISO Certifications run on a three-year certification cycle, usually with audits 12 months apart.

Once you achieve your ISO 27001 Information Security Management Certification, it is subject to satisfactory annual Surveillance Audits.

Year 1
Initial ISO Certification Audit

This is conducted in two separate Audit stages, up to 6 months apart:

  • Stage 1 (Readiness Review):
    A full review of your business processes and documented information to ensure all requirements of every clause of the ISO 27001:2013 Information Security Management Systems Standard (relevant to your business) have been addressed.

  • Stage 2 (Certification Audit):
    An assessment conducted at your business premises (a sample of your offices and your project sites, as applicable) to ensure that you actually do what your processes and documented information say you do, and that it’s effective for your business operations.

Year 2
Surveillance Audit

This is conducted within 12 months of the Stage 2 Audit. It is shorter than the Stage 2 Audit and generally samples across approximately half of the business processes to verify that you’re continuing to:

  • monitor and measure your progress towards your information security objectives and targets

  • control your identified information security, general business and process risks

  • review and update your business planning

  • conduct effective internal audits

  • conduct management reviews that meet the requirements of the ISO 27001:2013 Information Security Standard

  • improve the security of your business information and the management system

Year 3
Surveillance Audit

This is conducted within 12 months of the Year 2 Surveillance Audit with the same Audit duration. The Auditor usually samples the other half of the business processes which weren’t sampled in Year 2, to verify that you’re continuing to:

  • monitor and measure your progress towards your information security objectives and targets

  • control your identified information security, general business and process risks

  • review and update your business planning

  • conduct effective internal audits

  • conduct management reviews that meet the requirements of the ISO 27001:2013 Information Security Standard

  • improve the security of your business information and the management system

Then the three-year certification cycle starts again with a Re-Certification Audit, followed by two annual Surveillance Audits.


Your next step

Call us now on 1300-614-007 to get started.

We’re happy to answer any questions you might have, or provide an obligation-free consultation.
