DAS Certification (AS/NZ)

A Wholly Owned and Operated Australian Company

Phone: 1300 806 097

Certification – Information Security

Introduction

The growth of Information Technology has required businesses to review the risks associated with the storage, management and protection of information. Information Security Management Systems provide a structured methodology for the protection of your business’s information assets. The ISO 27001 Information Security Management System provides guidance on the management of all types of information, including paper-based and electronic formats, and on the security considerations associated with the processing, storage, transfer, monitoring, protection and authorised destruction of information. ISO 27001 Information Security Management Systems are aimed at ensuring your information is protected but available to authorised users as required by your business processes.

Certification of your management system helps to demonstrate that your system has been independently assessed by experts and publicly shows your commitment to information security and compliance with privacy laws.

ISO 27001 covers all types of organisations (e.g. commercial enterprises, government agencies, non-profit organisations) and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of an organisation’s business risks. It specifies requirements for the implementation of security controls customised to the needs of individual organisations or parts thereof.

The ISO 27001 Information Security Management System does not define a business process; rather, it defines business outcomes. The processes by which these outcomes are achieved are defined by the organisation, based on the organisation’s business needs. The ISO 27001 Information Security Management System is not a “one size fits all” template; each and every system should be organisation-specific, based on the operational requirements of the business. DAS Certification (AS/NZ) prides itself on working with our clients to ensure your Information Security Management System fits your business rather than a consultant’s template design. By understanding your business goals, culture and security strategies, DAS Certification (AS/NZ) is able to interpret your business processes in the light of the ISO 27001 outcomes rather than simply following an audit checklist. This approach is achieved by focussing on the security outcomes rather than the processes involved.

Benefits

Implementation of ISO 27001 brings with it many benefits and advantages, which may include:

  • Customers and employees are reassured by the knowledge that your management information and systems are secure;
  • A demonstration of credibility and trust;
  • Establishes compliance with relevant laws and regulations;
  • Demonstrates a commitment to Information Security at all levels throughout an organisation;
  • State and Commonwealth Recognised Third Party Certification.

Service Tailored to Your Business

DAS Certification (AS/NZ) has highly skilled personnel with considerable experience in the certification of Information Security Management Systems and the provision of advice specifically designed to meet our customers’ IT system requirements. DAS Certification (AS/NZ) is an endorsed Australian owned and operated company under the AUSBUY Australian-owned business scheme. Our company structure allows DAS Certification (AS/NZ) to provide a personalised service that adds value to your business. Our business is built around developing long-term business partnerships whereby DAS Certification (AS/NZ) works with your organisation to achieve your business objectives. We achieve this goal by:

  • Providing a personalised professional service;
  • Programming audit dates to suit your business schedule;
  • Matching auditors with the appropriate skills and experience to your business;
  • Taking the time to understand not only your business system, but your business goals;
  • Applying an open-book approach to auditing;
  • Taking a long-term approach to the development of your system; and
  • Identifying the areas within the system that add most value to your organisation.

Your Route to Certification

Enquiry and Free Estimate

Following your enquiry, DAS Certification will provide you with an obligation-free quote.
On acceptance of our quote, DAS Certification will ask that you complete our application form and Memorandum of Understanding.

There are no fees until your certification has been completed.

Once the application has been processed, DAS Certification will contact you to start the certification process, agree dates for the Stage 1 Audit and assign an Auditor who will liaise directly with you to finalise the audit arrangements.

Stage 1 Audit

The Stage 1 Audit (part of which is generally conducted on site) provides a focus for planning the Main Audit. We review documentation specific to your business and work with your staff to quickly resolve any problems.

Main Audit Visit

The Main Audit measures the effectiveness of the Information Security Management System in managing your quality requirements, products, processes and services.

The audit is carried out alongside your own people, with results and findings openly discussed and reviewed. At the end of the audit, a report is prepared for acknowledgement and acceptance by your Company Representative. Any corrective actions arising from the audit are discussed and any forward plan of work agreed, including a follow-up visit if needed.

Certification Approval and Surveillance Programme

When your Information Security Management System complies with ISO 27001, a certificate of approval is issued which is valid for three years, subject to satisfactory on-going maintenance of your Information Security Management System. Verification is through an audit programme that is carried out by yearly surveillance visits organised to fit in with your business requirements.

Three-yearly Reassessment Visit

  • Every three years, your Information Security Management System needs to be reassessed.
  • Following satisfactory reassessment, your certificate is reissued for a further three years.
