ISO 27001 – Information Security Management System Certification
ISO 27001 certification is a third-party audit performed by a certification body who, upon verification that an organization is in compliance with the requirements of ISO 27001, will issue an ISO 27001 certificate. This Information Security Management System Certification is then maintained through regularly scheduled annual surveillance audits by the registrar, with re-certification of the Information Security performed on a tri-annual basis.
How can you prove to your clients and stakeholders that you are the organization that they should work with?
By obtaining an ISO certification that affirms you are compliant with the world’s best-known practices and most widely used standards!
Benefits of ISO/IEC 27001 certification to your organization:
- Provides senior management with an efficient management process
- Provides you with a competitive advantage
- Reduces costs due to incident and threat minimization
- Demonstrated compliance with customer, regulatory and/or other requirements
- Sets out areas of responsibility across the organization
- Communicates a positive message to staff, customers, suppliers and stakeholders
- Integration between business operations and information security
- Alignment of information security with the organization’s objectives
- Puts forward true value through enhancement of marketing opportunities
Benefits of ISO/IEC 27001 certification to your customers:
- Keeps intellectual property and valuable information secure
- Provides customers and stakeholders with confidence in how you manage risk
- Secures exchange of information
- Ensures you are meeting your legal obligations
- Manages and minimizes risk exposure
- Cost savings for rework, damages and waste
Certification process
Documentation review
We will conduct a review of the Management System to look for the main form of documentation
Audit
An audit is performed by us to verify that your organization is in conformity with the requirements of the standard
Certification
Upon verifying that your organization is in conformity with the requirements of the standard, a Management System Certification is granted
Frequently Asked Questions
Management Systems Certification cost depends on a range of factors such as: number of employees, number of locations, standard(s) being audited, economic activity. Based on this information, we determine the audit duration which is a pre-requisite for determining the cost.
It depends on the outcome of the audit and the ability of the organization to respond to possible nonconformities raised during the audit. Under normal circumstances, the certificate may be issued within 2 weeks after the audit.
There is no fixed duration for all audits; it depends on several factors like the standard against which the audit is going to be conducted; size of the company – sites and number of employees within scope; complexity of the management system; industry in which the organization operates; has the organization previously been certified or not; etc
To maintain the certificate, your organization will be subject to two surveillance audits. The first surveillance audit will take place no longer than 12 months from the initial audit. Meanwhile, the second surveillance audit will take place no longer than 12 months from the first surveillance audit.
Year 1 – Initial Certification\Recertification
|- Audit plan
|- Stage 1 audit (remote documentation review)
|- Stage 2 audit (on-site or remote, interviews)
|- Addressing non-conformities
|- Issuing the certificate ( 2 weeks after audit closing)
Year 2 – First Surveillance audit
|- Audit plan
|- Surveillance audit (on-site or remotely, interviews)
|- Addressing non-conformities
Year 3 – Second Surveillance audit
|- Audit plan
|- Surveillance audit (on-site or remotely, interviews)
|- Addressing non-conformities
PECB Ukraine is the official representative in Ukraine for MSECB, which is an accredited Management System Certification Body by the International Accreditation Service (IAS) under ISO/IEC 17021 – Requirements for bodies providing audit and certification of management systems. Additionally, MSECB is an accredited Product Certification Agency under ISO/IEC 17065 – Requirements for bodies certifying products, processes, and services.
Yes. Being accredited by IAS, which is part of the IAF MLA, gives our certificates global recognition.
An MSECB Certificate is valid for three years, and it is subject to annual audits.
If non-conformities are found during the audit, you are requested to provide root cause analysis, correction, and corrective actions to resolve the non-conformities. These must be reviewed, verified and accepted by the auditor.