Expert Advice Community

Violation of the ISO 27001 certification

Guest user Created:   Sep 02, 2016 Last commented:   Sep 02, 2016

What happens if I have and declare that I am certified by 27001 or 27018, companies come to me and get service from me, but during that time I do violate some of the obligations that take place in 27001 or 27018? Am I responsible by any legal sanctions or do I only lose customers/reputation?
Expert
Dejan Kosutic Sep 02, 2016

Answer: During the time your company is certified against ISO 27001, if you become non-compliant with the standard, then the certification body might revoke your certificate during the surveillance visit (depending on whether the nonconformity is major or minor).

You can get legal penalties only if you break some law/regulation, or if you violate the contractual obligations.

See also these articles:
- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
