SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

ISO 27001 Certification Data

  Quote
Guest
Guest user Created:   Apr 27, 2022 Last commented:   Apr 27, 2022

ISO 27001 Certification Data

My queries: (1) How many Months of Data/Records of implementation is needed for the ISO27001 Certification, and (2) What is the usual Timeline for the ISO27001 Certification from preparations, training, Stage1, Stage 2 Certification.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 27, 2022

(1) How many Months of Data/Records of implementation is needed for the ISO27001 Certification, 

Answer:  Please note that ISO 27001 does not require a minimum period of data/records (i.e., a minimum period of the ISMS operation before the certification), however, some certification bodies do have such requirements, and some don't. Therefore, you should speak to the certification body you have chosen and see what criteria they have.  

This article may also help you: 
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/


(2) What is the usual Timeline for the ISO27001 Certification from preparations, training, Stage1, Stage 2 Certification.

Answer: Please note that “preparations and training” means the implementation and operation of the Information Security Management Systems. For small and midsize organizations the implementation time frame can vary from 3 to 18 months, depending upon the size and complexity of the ISMS scope.

For further information, see:
- Time, effort, and roles needed to implement ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/#effort

Regarding the certification audit, the total days to complete a certification audit (i.e., stages 1 and 2) will depend on the defined ISMS scope (e.g., number of locations, number of employees, etc.), so without detailed information, we cannot provide a precise answer for your case.

For small companies the Stage 1 and Stage 2 audits will usually take ca 5 days. These two audits can take place 2 weeks to 2 months apart.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 27, 2022

Apr 27, 2022

Suggested Topics