Spinae successfully guides customer to ISO 27001 certification

Recently we successfully completed a guidance process in which Spinae, together with the customer, developed and implemented an Information Security Management System (ISMS) that meets the requirements of the international standard ISO/IEC 27001.

Information security is of great importance to this customer. They are well aware that security is very important for their business as well as for that of their customers. In order to be able to make this known to the outside world, they chose to develop an ISMS that complies with the international standard ISO/IEC 27001. This enables them to focus broadly on security and also to show their customers that they are doing a good job in that area.

Course of certification process

Implementing such an ISMS in a company does not happen by itself. There are several steps that must be taken in order to ultimately be successful and obtain the certification. Of course, that will take some time.

  • Management buy-in
  • Determine scope
  • Analyze existing procedures, documentation and policies
  • Carry out a pragmatic risk analysis
  • Involve internal champions
  • Update existing policies
  • Update existing procedures
  • Introduce additional procedures
  • Self-assessment
  • External audit

Important: getting the certification is not an end point, but a starting point! During the certification process you have adapted your company to work according to what is described in the ISMS. Of course, you have to keep doing that.

Do you have questions about ISO 27001 certification? Feel free to contact our experts. They are happy to tell you more about it.