◊ Certification Services - ISO 27001 Certification
Generally known as ISO 27001 Certification, ISO/IEC 27001, part of the growing ISO/IEC 27000 series of standards, is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2005 – Information technology – Security techniques – ISMS – Requirements, but it is commonly known as ‘ISO 27001’. The ISO/IEC 27001 certification process usually involves a three-stage audit.
- Stage 1: a “table top” review of the existence and completeness of key documentation such as the Statement of Applicability (SOA) and Risk Treatment Plan (RTP).
- Stage 2: a detailed, in-depth audit that tests the existence and effectiveness of the information security controls stated in the SOA and RTP, as well as their supporting documentation.
- Stage 3: a follow-up reassessment audit to confirm that a previously certified organization remains in compliance with the standard. Certification maintenance involves periodic reviews and re-assessments to confirm that the ISMS continues to operate as specified and intended.
Road map for the complete implementation of ISO 27001 (ISMS) information security management system
♦ STEP 1 Awareness Programme
- Basic ISMS understanding through awareness presentation
- Workshop on derivation of quality policy and its objectives
♦ STEP 2 Gap Analysis
- Of existing documentation with respect to the new documents required
- Which formats to exclude and which to include
♦ STEP 3 Quality Policy And Objectives
- Setting objectives and targets
- Setting departmental goals with respect to overall objectives of the organization
♦ STEP 4 Documentation
- Apex Manual
- Procedural Manual
- Work instructions and Specifications
- Development of Process Maps
♦ STEP 5 Training On Implementation
- Departmental sitting for understanding of implementation of the department specific procedures
- Departmental sitting for implementation of generic procedures
♦ STEP 6 Internal Audit
- Train an adequate number of auditors for effective implementation and assessment of ISO 27001 (ISMS)
- The organization conducts an internal audit at least once after implementation of the new system and before certification
♦ STEP 7 Management Review Meeting
A Management Review Meeting is conducted by the organization to review the effectiveness of the implemented system.
♦ STEP 8 Shadow/Pre-Assessment Audit
Conducted to assess the effectiveness of the QMS implementation.