ISO 27001 Assessment Process

Due to the wide-ranging nature of data storage and protection, you will need to involve all levels of management and all areas of your organisation to implement and maintain an effective information security management system (ISMS). Information security is as much about people as technology.

To achieve accreditation you will need to create an internal information security forum and engage the services of an external consultant or technical expert to provide guidance and support through the implementation and certification process.

You will then need to appoint an accredited certification body to provide certification for ISO 27001 to conduct an independent assessment of your information security management system. Your organisation, your customers and partners will feel confident that your ISMS has been competently audited to the requirements of the International standard.

ISO 27001 controls

  • Define the scope of the system

  • Define your information security policy

  • Establish the security objectives of the business

  • Perform an information security risk assessment

  • Formulate a risk treatment plan

  • Select the most suitable control methods

  • Establish policies and procedures

  • Implement internal review and internal audits

  • Monitor the performance of controls to identify opportunities for improvement

Certification audit

When you are satisfied that your documentation and processes are in place, you are then ready for your first audit. The auditor will review your documentation and make sure that procedures are being followed throughout the organisation.

If there are any areas that need to be rectified, these will have to be done before your ISO 27001 certificate is issued.

ISO 27001 Regular Auditing Procedure

The audit can be undertaken by a number of certification bodies. However, it is important to note that not all auditing organisations are UKAS accredited. If you do not use a UKAS accredited auditor your certification could end up being worthless.

Share This Article, Choose Your Platform!

Ready to talk?