To begin the certification process, you need to select a Certification Body (CB). In this selection process you should understand the difference between accredited and non-accredited certification bodies.
You will then need to provide your CB with some information. This includes number of employees and sites as well as the scope of business activities that the certification will cover.
Based on this input, you will receive an audit schedule covering the amount of days required for the Initial Certification followed by Periodic Audits.
Following a successful Initial Certification you will be issued a certificate.
In some cases you might want to consider a Gap Analysis. This will help you identify any gaps that exist between the requirements of the standard and your organisation's management system, prior to an audit.
If you have a management system in place and believe it is compliant to ISO 27001, then you are ready to begin the certification process.
Resources
DNV investigated Privacy Management Trends of 1300 customers in our ViewPoint Survey. View the survey results for the latest market trends.
ViewPoint: Privacy & Information Security
Business enabler or innovation barrier? View the detailed results.
Infographic
See the facts and figures from the latest ViewPoint survey.
New technologies vs. personal data protection -help or hazard?
Companies in a state of confusion regarding the impact of new technologies
Privacy management entails risk and lack of competence is major
"Human factors" more worrying than any external threat.