ISO 27001 - Information Security Management Systems


Introduction

ISO 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).


The adoption of ISMS should be a strategic decision for an organisation.


The design and implementation of an organisation’s ISMS is influenced by its needs and objectives, security requirements, the processes employed and the size and structure of the organisation. These and their supporting systems are expected to change over time. It is expected that an ISMS implementation will be scaled in accordance with the needs of the organisation; for example, a simple situation requires a simple ISMS solution.


ISO 27001 covers all types of organisations (e.g. commercial enterprises, government agencies, non-profit organisations) and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving documented ISMS within the context of an organisation’s overall business risks. It specifies requirements for the implementation of security controls customised to the needs of individual organisations or parts thereof.


The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.


Companies are now aware that third-party certification of their ISMS enhances their image in the business community and with prospective customers.


Demonstrating that a company has an ISMS culture, by ensuring that its staff are working within the correct information security environment and that the organisation is complying with information security legislation, is an important management challenge. An effective ISO 27001 Management System can improve site information security, customer satisfaction and business efficiency and achieve cost savings, whilst having a positive impact on Company image.


Impartiality and Independence


DAS Certification (AS/NZ) is the agent for an independent UKAS accredited ISO 27001 Information Security Certification Body.


Service Tailored to Your Business


We provide a certification service to satisfy your business by:

  • Programming audit dates to suit your business requirements;
  • Matching auditor skills to your information security, products, technology, processes and services;
  • Utilising our own independently certified ISMS Auditors and Technical Specialists;
  • Applying an open-book approach to auditing; and
  • Identifying the areas within ISMS that will add most value to your Company.

Your Route to Certification


Enquiry and Free Estimate


Following your enquiry and completion of our application and questionnaire, we review that information and provide you with a free estimate. There are no fees until you accept the estimate and return the signed contract that includes the conditions for certification. We then contact you to start the certification process, agree dates for the Stage 1 Audit and assign an Auditor who contacts you to finalise arrangements.


Stage 1 Audit


The Stage 1 Audit (part of which is generally conducted on site) provides a focus for planning the Main Audit. We review documentation specific to your business and work with your staff to quickly resolve any problems.


Stage 2 Visit


The Main Audit (Stage 2) measures the effectiveness of the ISMS in managing your information security requirements, products, processes and services.


The audit is carried out alongside your own people with results and findings openly discussed and reviewed. At the end of the audit a report is prepared for acknowledgement and acceptance by your Company Representative. Any corrective actions arising from the audit are discussed and any forward plan of work agreed, including a follow-up visit if needed.


Certification Approval and Surveillance Programme


When your ISMS complies with ISO 27001, a certificate of approval is issued which is valid for three years, subject to satisfactory on-going maintenance of your ISMS. Verification is through an audit surveillance programme that is carried out by yearly surveillance visits organised to fit in with your business requirements.


Three-yearly Reassessment Visit


Every three years, your ISMS needs to be reassessed.


Following satisfactory reassessment, your certificate is reissued for a further three years.




Figure 1: The Route to Certification.




