ISO 27001 Certification

After your business has successfully implemented an Information Security Management System (ISMS), you are ready for ISO 27001 certification. To ensure that you do not miss an important step while implementing an ISMS, check out the ISO 27001 Checklist.

ISO 27001 Certification Costs

The cost of certification varies and consists of the several elements outlined below:

  • Implementation costs
    This can include: research costs, implementation costs, time costs, measurement costs and improvement costs.
  • Certification costs
    Costs for having your management system for information security certified and retaining your certification.
  • Failure costs
    Perhaps you made a mistake while setting up your ISMS and consequently your system does not meet the requirements of the standard. This could lead to a second assessment with extra costs.
  • Possible training and awareness costs

ISO 27001 Certification Process

After you have applied for ISO 27001 certification, the certification body will send an auditor to your company to assess whether your ISMS meets the requirements of the standard. The audit consists of the following steps:

  1. ISO 27001 gap analysis
    The auditor compares your ISMS with the requirements of the ISO 27001 standard. The result of the gap analysis is a realistic overview of the areas which need to be improved before the formal assessment. This is not a mandatory part of the assessment process.

  2. Formal assessment

    Stage 1: The auditor will check …
    … does your ISMS meet all the requirements?
    … has your organisation created the Statement of Applicability?
    … is the risk assessment correct?
    … is the documentation correct and available?

    Stage 2: The auditor will assess whether all controls and procedures are accurate and implemented, and whether appropriate evidence is provided.

  3. Certification
    When your ISMS meets the requirements of the standard, you will achieve certification and receive the ISO 27001 certificate.

ISO 27001 Certification Cycle

The certificate expires after three years and will need to be renewed. There are annual surveillance visits to ensure that you continue to comply and drive improvement. The certification cycle is a three-year cycle following the steps described in the certification process above.

We look forward to your enquiry

TÜV UK Ltd, AMP House
Suites 27 - 29, Fifth Floor, Dingwall Road
Croydon, CR0 2LX

Tel.: +44 20 8680-7711
Enquiries.UK@tuv-nord.com