ISO 27001:2013 Information Security Management System Certification

This International Standard covers all types of organisations (e.g. commercial enterprises, government agencies, non-profit organisations) and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organisation’s overall business risks. It specifies requirements for the implementation of security controls customised to the needs of individual organisations or parts thereof.

The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

DEKRA Certification B.V., Netherlands provides an RvA-accredited certificate for ISMS through NVT QC auditing.

Business Challenge

Dependence on information systems and services means organisations are more vulnerable to security threats. Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected. By proper identification and classification of those assets and a systematic risk assessment of threats and vulnerabilities, your company can select appropriate controls to manage those risks and demonstrate that it is preserving confidentiality, integrity and availability of those information assets to clients, consumers, shareholders, authorities and society at large.


What is ISO 27001?

ISO 27001 is an international standard defining requirements for an Information Security Management System, enabling an organisation to assess its risk and implement appropriate controls to preserve the confidentiality, integrity and availability of information assets. The fundamental aim is to protect your organisation's information from getting into the wrong hands or being lost forever.

FAQ – Frequently Asked Questions

Does ISO 27001 apply to all industries?
Yes, all organisations having information assets which need protection can benefit from implementation of and certification to ISO 27001.

ISO 27001 is all about IT, isn’t it?
No, ISO 27001 covers all aspects of information exchange, from computer data to conversations in public areas, including securing of physical perimeters and initial personnel screenings. ISO 27001 will help you to assure business continuity under almost all circumstances, such as fire, flooding, hacking, data loss, confidentiality breach and even terrorism. It is possible for an organisation to put in place a policy on information security that covers all forms of communication and data storage. ISO 27001 is the backbone of this.