Requirements for ISO 27001 Certification
We are planning to implement ISO 27001 requirements in one of the BUs in the organization. However, before we start, we have heard that it requires a BU / organization to be operational for 1 year before applying for the certification. We are a relatively new BU and have a plan to complete the implementation and apply for certification before 1 year of operations.
Can you please guide me on whether this is valid: if we don't complete one year of operations, we are not eligible to apply for the certification?
Please note that the required time for the ISMS to be operating before the certification audit differs from one certification body to another - some require you to have the ISMS in full operation for at least 3 months, while others do not have such criteria. It would be best to ask for proposals from a couple of certification bodies, and ask them this specific question.
These articles may also help you:
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
These materials can also help you:
- Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Apr 08, 2021