ISO 27001 Assurance Program

Attributes

Name: ISO 27001 Assurance Program
Criteria: ISO 27001 and Client Charter
Market: All organizations utilizing information technology
Scope: International
Output: Certificate of Confidence
Validity: 3 years, subject to on-going requirements
Outcome: Certification gives confidence to the organization, its customers, regulators and/or other interested parties in the ability to effectively manage information security.

Background

ISO 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The adoption of an ISMS is a strategic decision for an organization. The establishment and implementation of an ISMS is influenced by the organization’s needs and objectives, security requirements of interested parties, the processes used and the organizational size and structure maintained, all of which can change over time.

A sound ISMS and Statement of Accountability preserve the confidentiality, integrity and availability of information by applying a risk management process, and give confidence to interested parties that risks are adequately managed.

The process

As an organisation, the steps involved for you are:

  1. Applying for certification:
    Review and accept our customised Proposal, and you’re underway!
  2. Achieving certification:
    Firstly, a pre-certification audit or “test run” will be conducted either on-site (at your premises) or off-site (at our premises) or both, to see whether your management systems are suitable. Areas of concern will be reported. Once concerns have been actioned, an on-site certification audit will be conducted, where we will examine the extent to which you address the program criteria. Areas of concern will be reported. Once we are satisfied there are no outstanding issues that present an unacceptable risk to you, your employees, customers, regulators, Equal Assurance or others, we can proceed to issue a Certificate of Confidence. Well done!
  3. Maintaining certification:
    Depending on the level of risk, we will conduct a series of surveillance audits (and in some cases special and follow-up audits) and triennial re-certification audits, to examine the extent to which you continue to address the program criteria. Areas of concern will be reported. So long as we continue to be satisfied there are no outstanding issues that present an unacceptable risk to you, your employees, customers, regulators, Equal Assurance or others, your certification remains valid.

Your next step

Click the link below to contact one of our Account Managers who will prepare a Proposal Form at no cost.
