ISO/IEC 27001 audit, certification, maintenance

How to certify an ISO 27001 Information Security Management System

Where can I find the official name of the standard ISO 27001 and the valid version of the standard?

You can always find the current edition of the standard, amendments or corrections to the standard on the website of the Lithuanian Department of Standardization.

ISO 27001 Information technology - Security techniques - Information security management systems - Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015)

Briefly about ISO 27001

This International Standard has been developed to provide a model for the development, implementation, maintenance and continual improvement of an information security management system. Implementing an information security management system in a company or organization is a strategic decision of that organization.

Objective of ISO 27001

An information security management system according to ISO/IEC 27001 aims to ensure that appropriate controls for confidentiality, integrity and availability of information are implemented to protect stakeholder information. These stakeholders include customers, employees, business partners and the general needs of society. Unsecured information systems are vulnerable to many emerging threats such as computer fraud, sabotage, viruses and more. These threats can be internal or external, both accidental and intentional. A breach in information security can make vital information accessible, stolen, damaged or lost.

ISO 27001 value

An organization that operates in accordance with the requirements of the ISO/IEC 27001 standard:

  • identifies weak areas and chooses appropriate measures to reduce possible information security risks in the organization. This is especially true for companies whose reputation could be damaged by disclosing the information they have;
  • determines the classification of information, which allows a clear definition of what is confidential or secret information in the organization and what is public or internal-use information, and determines measures to ensure its security;
  • determines information access rights;
  • improves communication.

Advantages of a certified management system according to the ISO 27001 standard:

  • confidence in the manufacturer or service provider is increased;
  • the reputation and image of the organization improves;
  • compliance with legal requirements;
  • competitive advantage when offering or supplying products to the European Union or other countries and participating in public tenders.

Integrated management system

The information security management system can be integrated with other management systems, such as the quality management system (ISO 9001) or the environmental protection management system (ISO 14001).

When you implement, develop and plan to certify an information security management system, we advise you to refer to the accompanying standards (some documents apply only to specific activities), such as:

  • LST EN ISO/IEC 27002:2017 Information technology - Security techniques - Code of practice for information security controls (ISO/IEC 27002:2013, including Cor.1:2014 and Cor.2:2015)
  • LST ISO/IEC 27005:2018 Information technology - Security techniques - Information security risk management (identical to ISO/IEC 27005:2018)
  • ISO/IEC 27003:2017 Information technology - Security techniques - Information security management systems - Guidance
  • ISO/IEC 27004:2016 Information technology - Security techniques - Information security management - Monitoring, measurement, analysis and evaluation
  • EN ISO/IEC 27007:2020 Information technology - Security techniques - Guidelines for information security management systems auditing (ISO/IEC 27007:2017)
  • ISO/IEC TS 27008:2019 Information technology - Security techniques - Guidelines for the assessment of information security controls
  • ISO/IEC 27009:2016 Information technology - Security techniques - Sector-specific application of ISO/IEC 27001 - Requirements
  • ISO/IEC 27017:2015 Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
  • ISO/IEC 27011:2016 Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations

You can learn more about the ISO 27001 standard here: www.iso.org.

More about the UAB "Sertika" management system certification process is presented in the document "Management system certification (conformity assessment) regulations" (here) and in the "FAQ" section (here).

Where to start the certification process?

In order for us to submit an offer, please fill out the application and send it by e-mail to vs@sertika.lt.

Link to download the application

Do you have additional questions about management system certification?

Specialist: Head of the Management Systems Certification Department