ISO 27001 implementation and certification
Answer:
Applying the standard is not the same as certifying for it. The certification requires a certification body to audit your implementation and verify if it is compliant with all requirements from the standard.
You can implement the standard and not pursue certification. In this case what happens is that this way you gather only partial benefits of the standard (e.g., better internal organization and reduced costs from incidents), but cannot use this implementation as a proper market tool and competitive differential.
To know more about ISO 27001, I recommend these materials:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Apr 11, 2019