ISO 27001 (ISMS - Information Security Management System)

ISO/IEC 27001:2005 (JIS Q 27001:2006) and its objectives

ISO/IEC 27001:2005 (JIS Q 27001:2006) is an international standard for the management of information assets and for safeguarding business continuity. It defines requirements for an information security management system (ISMS). A well-implemented ISMS helps to counteract interruptions to business activities and to protect critical business processes from the effects of disasters and major failures of information systems, and ensures the timely resumption of normal operations.

ISO/IEC 27001:2005 (JIS Q 27001:2006) is applicable to all sectors of industry and business, and is not limited to information handled by electronic media. The information can be printed or written on paper, stored electronically, transmitted by post or email, or spoken in conversation. ISO/IEC 27001:2005 (JIS Q 27001:2006) helps organisations to ensure that information assets are always adequately protected and available when they are needed. An ISMS is relevant to all organisations, regardless of whether they use stand-alone computers or complex heterogeneous network systems.

How does ISO/IEC 27001:2005 (JIS Q 27001:2006) work?

ISO/IEC 27001:2005 (JIS Q 27001:2006) takes a holistic approach to information security. Information security is the preservation of the confidentiality, integrity and availability of any information that is important for an organisation to work effectively.

The standard is based on the process approach and adopts the Plan-Do-Check-Act (PDCA) model, which is applied to structure all ISMS processes.

The input for the ISMS consists of the information security requirements and expectations of the interested parties. After going through the necessary actions and processes, information security outcomes are produced to meet the aforementioned requirements and expectations.

The standard supports the consistent and integrated implementation and operation of related management standards such as ISO 9001:2000 and ISO 14001:2004. One suitably designed management system can thus satisfy the requirements of all these standards.


Certification Cycle and the Focus Points at each stage of audit

The initial certification audit is separated into Stage 1 and Stage 2 audits. Follow-up audits are performed in the 2nd and 3rd years, and in the 4th year a Repeat audit is performed.

□ Pre-audit (Option)
     As an option, the Pre-audit may be performed to prepare for the Initial Certification Audit.

■ The focus of the Stage 1 Audit:
     - Validity of the Risk Assessment Methodology
     - How the Document Management Systems are established

■ The focus of the Stage 2 Audit:
     - Whether the Management Systems have been understood and employed properly
     - How the control objectives are being implemented

■ The focus of the Follow-up Audits:
     - How the Continual Improvement mechanisms are working
     (System Audit Monitoring → Review of the Risk Assessment, Optimization of the Controls)


The Features of TUV Rheinland Japan Audit

To Produce a High Value-Added and Meaningful Audit

We are committed to supporting continual improvement in your organization with the following:

  • To help you create a system to be used as a risk management tool, not simply as a token of compliance.
  • To consider the system from a cost-conscious perspective, not only as a compliance requirement but as a means of implementing useful controls.
  • To limit auditors' preconceptions, to take into account each organization's conditions and background (including the significant differences between large organizations and small and medium-sized organizations), and to audit the creation of a system flexibly.
  • To encourage the creation of simplified systems.
  • To perform audits and issue non-conformity reports based on the level of importance of the factors.
  • To hold quarterly auditor training sessions to maintain consistency among the auditors.
  • To perform combined audits with other management systems such as QMS, EMS and others.
  • To make global deployment of auditors possible through a network of more than 300 sites around the globe.


ISMS Risk Assessment / Management Flow Concepts
[Figure: ISMS management flow chart]