LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Certification for services

  Quote
Guest
Guest user Created:   Feb 11, 2019 Last commented:   Feb 11, 2019

Certification for services

How does one obtain certification for a service, i.e. email?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 11, 2019

Answer:

ISO 27001 cannot be used to certify products and services, but to certify the processes that support them (e.g. e-mail administration and operation processes).

After getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, the steps for ISO 27001 implementation you should consider are:
1) defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational context and requirements of interested parties;
2) development of risk assessment and treatment methodology;
3) perform risk assessment and define the risk treatment plan;
4) controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
5) people training and awareness;
6) controls operation;
7) performance monitoring and measurement;
8) perform internal audit;
9) perform management critical review; and
10) address nonconformities, corrective actions and opport unities for improvement.

During this process you can select and hire the certification body to perform the certification audit.

These articles will provide you further explanation about ISMS implementation and certification:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-the-certification-process-free-webinar/01iso-22301-certification-process-free-webinar-demand/
- ISO 27001:2013 Lead Implementer Course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-lead-implementer-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 11, 2019

Feb 11, 2019

Suggested Topics