Certification in accordance with ISO 27001

IT security is a management task

IT security is more than just a technical solution for your infrastructure. IT is a key part of all your business processes and must therefore be viewed and managed integrally. International standard ISO 27001 provides you with comprehensive support. ISO 27001 is the successor to standard BS 7799. With the help of ISO 27001, you can identify IT risks at all levels and combat them appropriately and effectively with suitable measures.

With ISO 27001 certification from TÜV, you can show your clients and partners the level of security and quality of your IT-based business processes. The TÜV Rheinland Group is accredited by the TGA (German Association for Accreditation) and has the expertise to certify information security management systems in accordance with ISO 27001.

A TÜV certification of your IT management system in accordance with ISO 27001 provides you with various benefits first hand:

  • Compliance with internationally recognised requirements
  • A high level of transparency and trust for clients and partners
  • A first class marketing tool which gives you a distinct competitive advantage.

About the standard

ISO 27001 is an internationally recognised standard for the evaluation of security in IT environments. In addition to the information technology, ISO 27001 also gives particular consideration to the relevant business processes and identifies prioritised measures. The standard contains a comprehensive collection of proven procedures (‘best practices’) and consists of two sections: a standard on implementation (ISO 17799:2005) and a standard on the examination of successful implementation (ISO/IEC 27001:2005).

  • ISO/IEC 17799:2005 ("Code of practice for information security management") is the reference document for setting up an information security management system (ISMS). The standard is a guideline for the implementation of an ISMS and has the same content as BS 7799-1.
  • ISO/IEC 27001:2005 ("Specification with guidance for use") describes the requirements for the effective implementation and documentation of an ISMS. This document is the test basis upon which TÜV founds its certifications.

Contents

ISO 27001 covers the following topics:

  • Management of IT risks
  • Security policy
  • Organisation of security
  • Classification and control of company assets
  • Personnel security
  • Physical and environmental security
  • Management of communications and operations
  • Access controls
  • System development and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance with obligations (legal and organisational requirements)

Further information on developing an effective information security management system can be found in the practice manual on the construction, certification and operation of information security management systems, produced by our experts and available online at http://www.tuev-verlag.de/ProduktVerz/90711.htm.

Benefits

International standard ISO 27001 enables your organisation to establish a security process which systematically raises your organisation’s security to a definable level. This process leads to a whole range of advantages:

  • Proof of security to third parties (for clients, partners and legal purposes)
  • Competitive advantage: ‘documented quality’ by an independent authority
  • Cost reductions through transparent, optimised structures.
  • Security becomes an integral part of business processes
  • Knowledge and monitoring of the IT risks and residual IT risks
  • Documentation of structures and processes
  • Increased employee awareness of security
  • Evaluation of the organisation’s processes from a security point of view.
  • Prioritising the security of the business operations: business continuity management
  • Globally recognised standard
  • Potential reduction in insurance premiums
  • Referencing the IT process management standard (ITIL) to ISO 27001
  • Seamless transition from ISO 27001 in management systems to ISO 9000.

Certification process

The following flowchart shows our certification process:

[Flowchart: certification process in accordance with ISO 27001]

Our certification procedure in accordance with ISO 27001 is as follows:

Preliminary talks

First, we conduct a consultation with you to define a sensible scope for certification and so create the basis for a tailored proposal.

Phase 1: Preliminary survey

We use a preliminary survey to identify weaknesses and vulnerabilities in your security process which have to be eliminated before the certification assessment, so that the assessment can proceed with good prospects of success. The result is a report which classifies the risks identified according to their level of risk.

Phase 2: Certification assessment

The actual certification process begins in phase 2. By means of an on-site assessment of your business, we examine all relevant areas with regard to an effectively implemented security management system and create a detailed assessment report.

Phase 3: Certification

If the assessment report has a positive result, it is passed on to the certification body and the certification is awarded.

Phase 4: Preservation of the security process

Regular monitoring assessments are used to ensure that the certified level is maintained.
Requirements for a certification

Within the scope of certification in accordance with ISO 27001, your organisation must fulfil a number of tasks:

  • Conduct a risk analysis covering the threats and weaknesses, as well as the extent of damage and the probability of occurrence.
  • Establish a risk management system.
  • Introduce a process for the identification, control and elimination and/or minimisation of risks at a justifiable cost.

In addition, there are also requirements for your information security management system (ISMS) documentation. ISO 27001 principally requires the following documents:

  • Security policy
  • Definition of the scope of the ISMS, the procedures and the measures
  • Documentation of a systematic risk analysis
  • Statement of applicability with a selection of BS 7799 measures with grounds for their selection and/or non-applicability

The first step to certification – an individual proposal from us

IT security and quality start with personal contact – a confidential discussion. We accompany and support you through your individual challenges. Within the scope of our integral approach, we analyse your situation and prioritise the tasks. Contact us directly. To define the potential scope of a proposal, please provide us with the following information:

  • Name and registered office of your organisation
  • Sector
  • Significant business activities
  • Number of locations (planned locations)
  • Number of employees (total and at locations)

Simply contact us so that we can help you on your way to certification.

References

Our clients, who have used the TÜV Rheinland Group to document the quality of their ISMS processes in accordance with ISO 27001, are some of the leading companies from the following sectors:

  • Financial service providers
  • Automotive
  • Industry
  • Pharmaceutical/chemical
  • Medicine
  • Government

They are listed and can be viewed in the ISMS International User Group.