ISO 27001 is an international information security standard developed by a joint committee formed by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC 27001:2013 is the complete name of this standard, since the latest version was published in the year 2013 (with a few minor changes made in 2017). Having the ISO 27001 certification in India automatically implies that the organisation is following the best practices relating to the Information Security Management System (ISMS).
Contents:
Objective Of ISO 27001
Is ISO 27001 Certification Mandatory?
Domains Of ISO 27001
How To Get The ISO 27001:2013 Certification?
Initial Certification – Stage 1 Audit
Initial Certification – Stage 2 Audit
Continual Assessment (Surveillance Audit)
Documents Required For ISO 27001 Certification
Benefits Of The ISO 27001 Certification
At its core, the primary objective of ISO 27001 is to ensure that the information of the organisation has the following attributes:
The ISO 27001:2013 certification is not mandatory. However, the laws of some countries may mandate its applicability depending on the industry that an organisation operates in.
The ISO 27001:2013 standard consists of the following 14 domains within which controls are prescribed:
An accredited certification body has to be appointed by the organisation. This body will audit the ISMS and issue the certificate. The procedure consists of the following steps:
Under the guidance of the certification body, the organisation has to initiate a gap analysis. In this, the organisation and its employees understand the requirements of the standard and check whether they comply with the international best practices. The necessary documentation is prepared, and the internal audit team is trained specifically to check whether the requirements of the standard have been followed. Management then reviews the strengths and weaknesses of the existing system and prepares a programme to improve the system continuously.
In this stage, the certification body will mainly focus on the documentation of the organisation. The organisation will have to ensure that the prescribed documentation has been prepared and the necessary records are maintained.
Based on the findings and observations in the Stage 1 Audit, the organisation will have to demonstrate to the certification body that the necessary controls and systems are in place. Generally, a walkthrough of the processes is arranged.
If the certification body is satisfied that the requirements of the standard have been met, it will issue the ISO 27001:2013 certification. This certification will be valid for three (3) years, subject to continuous assessment visits.
Once in 12 months, the certifying body will conduct a routine audit to ensure that the requirements of the standard are not compromised.
After the validity period of three (3) years has expired, the certifying body will again conduct a comprehensive review which may or may not include the Stage 1 Audit. The renewal audit may result in the suspension, withdrawal, extension or reduction of the scope of the certification.
The certifying body usually provides a list of documents. The most commonly asked documents are:
Some of the benefits of getting the ISO 27001:2013 certification are listed below: