ISO/IEC 27001

An ISO/IEC 27001 certificate proves that your Information Security Management System has been certified against a best-practice standard and found compliant. Issued by a third-party certification body (registrar), the certificate demonstrates that you have taken the necessary precautions to protect sensitive information against unauthorised access and modification.

The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organisation’s Information Security Management System.

ISO/IEC 27001 is published by the International Organization for Standardization (ISO) and is the standard used for certification. It replaces BS 7799 and provides an international Information Security Management System standard. Based on BS 7799, it has been reorganised to align with other international standards. Some new controls have been included, e.g. an emphasis on information security incident management and on the OECD principles.

The standard also draws upon other standards like ISO/IEC 17799:2005, ISO/IEC 13335-1:2004, ISO/IEC TR 13335-3:1998, ISO/IEC TR 13335-4:2000, ISO/IEC TR 18044:2004 and “OECD Guidelines for Security of Information Systems and Networks – Towards a culture of security” that provide guidance for implementing information security.

Protecting your assets
The standard takes a comprehensive approach to information security. Assets that need protection range from digital information, paper documents, and physical assets (computers and networks) to the knowledge of individual employees. Issues you have to address range from competence development of staff to technical protection against computer fraud.

ISO/IEC 27001 will help you protect your information in terms of:

  • Confidentiality: ensuring that information is accessible only to those authorised to have access.

  • Integrity: safeguarding the accuracy and completeness of information and processing methods.

  • Availability: ensuring that authorised users have access to information and associated assets when required.

In line with other management system standards
ISO/IEC 27001 is aligned with other management systems, and supports consistent and integrated implementation and operation with related management standards. The result is:

  • Harmonisation with management system standards like ISO 9001 and ISO 14001.

  • Emphasis on continual process improvement of your information security management system.

  • Clarification of requirements for documentation and records.

  • Risk assessment and risk management processes built on a Plan, Do, Check, Act (PDCA) process model.

Where do I go from here?
For third-party certification, you need to implement an effective Information Security Management System that complies with the requirements of the standard. The first step is to get on the road to certification.

© 2008 Det Norske Veritas