ISO/IEC 27001 CERTIFICATION
ISO 27001 is the internationally recognized standard that specifies the requirements for establishing, implementing, maintaining, and continually improving a risk-based information security management system (ISMS). The standard, built on the Plan-Do-Check-Act (PDCA) cycle, defines what an ISMS is, what must be included within it, and how management is expected to establish, monitor, and maintain it.
01. Initial Certification Review
02. Surveillance Audits
ISO 27001 certificates are valid for a three-year term. During this period a series of reviews called surveillance audits must be completed. These take place at least annually but are often conducted more frequently, particularly while the ISMS is still maturing. A surveillance audit includes an onsite review to determine whether any material changes have been made to the ISMS, together with limited testing to confirm that the organization is continuing to follow the framework and operate its controls. At the end of the three-year term a full recertification audit is required to renew the certificate.