Certification maintenance
We are currently certified in ISO 27001 and we would like to know what the next steps are to be able to maintain the certification.
After the certification audits, there are yearly surveillance audits.
During surveillance audits, it will be checked if your Information Security Management System is working as designed. So, the main steps are following your policies and procedures and keeping related records (e.g., incident logs, measurement reports, corrective actions and nonconformity reports, internal audit reports, management review minutes, etc.).
Additionally, if your organization had any minor nonconformity or observations during the previous audit, be sure that auditors will look into those issues with special care to confirm that actions were taken to close those nonconformities.
These articles will provide you with further explanation about certification maintenance:
- ISO 27001 Certification: What’s next after receiving the audit report? https://advisera.com/27001academy/blog/2015/05/18/iso-27001-certification-whats-next-after-receiving-the-audit-report/
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- How to maintain the ISMS after the certification https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/
May 06, 2021