The ISO 27001 standard is an internationally supported basis for information security. The standard contains requirements and guidelines for structurally regulating information security. An ISO 27001 certificate is however not sufficient to comply with the GDPR. For this Kiwa offers a GDPR certification service. Organisations that are already GDPR-proof still can derive additional added value from an ISO 27001 certificate because the topic of information security is more thoroughly covered.
Data leaks
Reporting data leaks to the authorities is becoming increasingly common. This suggests both that more data leaks have occurred, and also that there is more awareness of data security. This is a good thing, particularly because most data leaks still happen in the health and welfare sector, public administration and financial services – ultimately, organisations processing lots of privacy-sensitive information.
Custom-made ISMS
The framework an organisation uses to regulate information security is described in an Information Security Management System (ISMS). Although an ISMS according to the ISO 27001 standard always contains fixed components including risk analyses and internal audits, it is for the most part custom-made. After all, a good ISMS covers all aspects of your business. Duration and cost of ISO 27001 certification can therefore vary from a few days to a few months.
More information?
Kiwa experts will be happy to tell you what a certification process in your organisation looks like and what the costs are. Would you like to know more about ISO 27001 certification by Kiwa and ISO 27001 costs? Please complete the contact form and we will be in touch.