ISO 27001 FAQ - Basic Q & A
What is the full form of ISO? And what does ISO mean?
The full form of ISO is International Organization for Standardization, which is the world’s largest developer of International Standards. Implementation of these International Standards helps to make industry effective and efficient.
ISO is headquartered in Geneva, Switzerland. Presently ISO consists of 162 member countries, represented by their national standards bodies from across the globe.
What is ISO 27001?
ISO 27001 is an International standard that provides the requirements for establishment, implementation, maintenance and continual improvement of an Information Security Management System.
What is an Information Security Management System?
An Information Security Management System (ISMS) is the part of an organization’s management system that consists of a set of policies, objectives and procedures to ensure that the organization’s information is kept secure, to manage and minimize risk, and to ensure business continuity by proactively minimizing the impact of a security breach.
Can only IT Companies get certified for ISO 27001?
No. Not necessarily. Any organization that handles a large amount of information and seeks to protect sensitive data can get certified for ISO 27001. Apart from IT companies, Banks, Visa Offices, Chartered Accountant firms, and any other industry which needs to protect its sensitive data from unauthorized disclosure, falsification, misuse or modification can get certified to ISO 27001.
Which is the latest version of ISO 27001?
The latest version of ISO 27001 is ISO 27001:2013, which was published by ISO in October 2013. This effectively cancels and replaces the earlier ISO 27001:2005 standard.
What are the advantages of implementing an ISO 27001 Information Security Management System?
- Provides a framework to ensure safety of sensitive information.
- Builds trust and confidence among customers and stakeholders on how risk management is carried out.
- Ensures the secure exchange of information.
- The exposure to risk is minimized.
- Helps in developing a security culture that gets embedded in the organization culture.
- Helps to protect the Organization’s assets, customers and stakeholders.
- Gives a competitive edge over companies that do not have an ISMS.
- Customer satisfaction and perhaps delight!
For how many years is an ISO 27001 certificate valid?
Upon successful completion of the ISO documentation audit and the ISO implementation audit, the certification body issues the ISO 27001 certificate for 3 years. After certification, there will be a surveillance audit at the end of each of the first and second years. At the end of the third year there will be a re-certification audit.
We are only two people in our organization. Can we get ISO 27001 certified?
Yes, as long as you handle large amounts of data and wish to protect it. ISO 27001 certification can be obtained irrespective of the size of an organization, from 2 people to thousands. Whether your organization is tiny, micro, small scale, medium scale, large scale or very large scale, the same clauses apply. The only difference is that for a smaller organization, the implementation can be quicker and easier than for a large one.
What will be the costs involved for ISO 27001 Certification?
There is a cost of initial certification that needs to be paid before the certification audits. Once successfully certified, there will be a surveillance audit cost at the end of each of the first and second years. This is followed by the re-certification cost for the third year.
Our Organization is already certified to ISO 27001:2005. What should we do?
You will have to transition your Information Security Management System from ISO 27001:2005 to the new ISO 27001:2013 and seek certification to it.
We hope that the above ISO 27001 FAQ has provided you with good information prior to your decision on getting into ISO 27001 certification. If your organization wishes to get ISO 27001 certified, please contact us.