Within an ISO 27001 certified organisation, information security is a circular system of plan, do, check & act. First of all, it must be determined what an organisation wants to achieve with certification. Does data have to be secured as effectively as technically possible? Or just as good as necessary? Then the current situation is mapped out, followed by determining what steps are needed to achieve the desired goal.
The Information Security Management System (ISMS) is the basis for this. The ISMS can be used to (re)design internal processes according to the ISO 27001 standard and the associated implementation guidelines from the standard ISO 27002. Creating awareness of data privacy and training employees in data security is part of this process.
Audit ISO 27001
Following the implementation of the ISMS, there is an ISO 27001 audit. Kiwa assesses whether the organisation meets the certification criteria for the ISO 27001 standard. Any shortcomings are fed back, and Kiwa supports the organization in improving the processes where necessary. If the result of the audit is positive, certification follows.
Kiwa’s experts will gladly tell you what a certification process and ISO 27001 audit in your organisation looks like and what is involved. Would you like to know more about ISO 27001 certification by Kiwa? Please complete the contact form and we will be in touch.