There are several organizations accredited to grant certification against ISO 27001.
ISO 27001 is designed to be compatible with the ISO 9000 (quality management) and ISO 14000 (environmental management) families of standards, so an organization can run its ISMS alongside those management systems.
The standard originated with a BSI/DISC committee that included representatives from a wide section of industry and commerce. It was subsequently reviewed by an ISO (International Organization for Standardization) committee and ultimately emerged through the ISO publication process.
BS 7799-2, the original specification for an information security management system (ISMS), was superseded by ISO 27001 in the fourth quarter of 2005.
The Certification Process
- A company decides to implement ISO 27001.
- The company assigns a management committee.
- The committee creates an Information Security Policy and delivers the policy documentation.
- The committee defines the ISMS and delivers the ISMS scope documentation.
- The committee identifies the main threats, risks, vulnerabilities and impacts, performs a risk assessment for the scope of the ISMS, and produces the risk assessment (RA) documentation.
- The committee decides the company's approach to risk management (how risks will be treated), and accountability and responsibilities are agreed and documented.
- Control objectives and controls are selected, drawing on the controls and guidance in ISO 17799 (now ISO 27002) plus any other controls required, and the Statement of Applicability (SoA) is prepared.
- The selected controls are implemented.
- The company applies for certification, correcting nonconformities as needed until certification is granted.
Standards of this type should be adopted by all companies to ensure that information security controls are in place and maintained on an ongoing basis.