Take the ISO 27001 course exam and get the
EU GDPR course exam for free
LIMITED-TIME OFFER – ENDS SEPTEMBER 29, 2022

Expert Advice Community

Guest

ISO 27001 Certification Data

  Quote
Guest
Guest user Created:   Apr 27, 2022 Last commented:   Apr 27, 2022

ISO 27001 Certification Data

My queries: (1) How many Months of Data/Records of implementation is needed for the ISO27001 Certification, and (2) What is the usual Timeline for the ISO27001 Certification from preparations, training, Stage1, Stage 2 Certification.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 27, 2022

(1) How many Months of Data/Records of implementation is needed for the ISO27001 Certification, 

Answer:  Please note that ISO 27001 does not require a minimum period of data/records (i.e., a minimum period of the ISMS operation before the certification), however, some certification bodies do have such requirements, and some don't. Therefore, you should speak to the certification body you have chosen and see what criteria they have.  

This article may also help you: 
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/


(2) What is the usual Timeline for the ISO27001 Certification from preparations, training, Stage1, Stage 2 Certification.

Answer: Please note that “preparations and training” means the implementation and operation of the Information Security Management Systems. For small and midsize organizations the implementation time frame can vary from 3 to 18 months, depending upon the size and complexity of the ISMS scope.

For further information, see:
- Time, effort, and roles needed to implement ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/#effort

Regarding the certification audit, the total days to complete a certification audit (i.e., stages 1 and 2) will depend on the defined ISMS scope (e.g., number of locations, number of employees, etc.), so without detailed information, we cannot provide a precise answer for your case.

For small companies the Stage 1 and Stage 2 audits will usually take ca 5 days. These two audits can take place 2 weeks to 2 months apart.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 27, 2022

Apr 27, 2022

Suggested Topics

Guest user Created:   10h ago ISO 27001 & 22301
Replies: 1
0 0

Scope definition

Tonya Created:   1d ago ISO 27001 & 22301
Replies: 0
0 0

Compliance Manager

Guest user Created:   Sep 23, 2022 ISO 27001 & 22301
Replies: 1
0 0

27001 audits