ISO 27001 – Information Security Management System Certification

ISO 27001 certification is a third-party audit performed by a certification body who, upon verification that an organization is in compliance with the requirements of ISO 27001, will issue an ISO 27001 certificate. This Information Security Management System Certification is then maintained through regularly scheduled annual surveillance audits by the registrar, with re-certification of the Information Security performed on a tri-annual basis.

How can you prove to your clients and stakeholders that you are the organization that they should work with?

By obtaining an ISO certification that affirms you are compliant with the world’s best-known practices and most widely used standards!

Benefits of ISO/IEC 27001 certification to your organization:

Provides senior management with an efficient management process
Provides you with a competitive advantage
Reduces costs due to incident and threat minimization
Demonstrated compliance with customer, regulatory and/or other requirements
Sets out areas of responsibility across the organization
Communicates a positive message to staff, customers, suppliers and stakeholders
Integration between business operations and information security
Alignment of information security with the organization’s objectives
Puts forward true value through enhancement of marketing opportunities

Benefits of ISO/IEC 27001 certification to your customers:

Keeps intellectual property and valuable information secure
Provides customers and stakeholders with confidence in how you manage risk
Secures exchange of information
Ensures you are meeting your legal obligations
Manages and minimizes risk exposure
Cost savings for rework, damages and waste

Certification process

Documentation review

We will conduct a review of the Management System to look for the main form of documentation

Audit

An audit is performed by us to verify that your organization is in conformity with the requirements of the standard

Certification

Upon verifying that your organization is in conformity with the requirements of the standard, a Management System Certification is granted

ASK US

Ask a question or request a commercial proposal—please fill in your details and we will contact you.

Frequently Asked Questions

What are the costs of Management System Certification?

Management Systems Certification cost depends on a range of factors such as: number of employees, number of locations, standard(s) being audited, economic activity. Based on this information, we determine the audit duration which is a pre-requisite for determining the cost.

How long does it take to get the actual certificate?

It depends on the outcome of the audit and the ability of the organization to respond to possible nonconformities raised during the audit. Under normal circumstances, the certificate may be issued within 2 weeks after the audit.

What is the duration of an audit?

There is no fixed duration for all audits; it depends on several factors like the standard against which the audit is going to be conducted; size of the company – sites and number of employees within scope; complexity of the management system; industry in which the organization operates; has the organization previously been certified or not; etc

What are surveillance audits and when do they take place?

To maintain the certificate, your organization will be subject to two surveillance audits. The first surveillance audit will take place no longer than 12 months from the initial audit. Meanwhile, the second surveillance audit will take place no longer than 12 months from the first surveillance audit.

What is three-annual ISO certification cycle?

Year 1 – Initial Certification\Recertification
|- Audit plan
|- Stage 1 audit (remote documentation review)
|- Stage 2 audit (on-site or remote, interviews)
|- Addressing non-conformities
|- Issuing the certificate ( 2 weeks after audit closing)
Year 2 – First Surveillance audit
|- Audit plan
|- Surveillance audit (on-site or remotely, interviews)
|- Addressing non-conformities
Year 3 – Second Surveillance audit
|- Audit plan
|- Surveillance audit (on-site or remotely, interviews)
|- Addressing non-conformities

Is PECB Ukraine accredited?

PECB Ukraine is the official representative in Ukraine for MSECB, which is an accredited Management System Certification Body by the International Accreditation Service (IAS) under ISO/IEC 17021 – Requirements for bodies providing audit and certification of management systems. Additionally, MSECB is an accredited Product Certification Agency under ISO/IEC 17065 – Requirements for bodies certifying products, processes, and services.

Are MSECB Certificates recognized worldwide?

Yes. Being accredited by IAS, which is part of the IAF MLA, gives our certificates global recognition.

What is the validity of the MSECB Certificate?

An MSECB Certificate is valid for three years, and it is subject to annual audits.

What happens if we are issued non-conformities during the audit?

If non-conformities are found during the audit, you are requested to provide root cause analysis, correction, and corrective actions to resolve the non-conformities. These must be reviewed, verified and accepted by the auditor.

Information security

Cybersecurity

Project management

Privacy

Quality management

Risk management

Anti-bribery

Digital transformation

Continuity and recovery