ISO/IEC 27001:2013

General information on ISO / IEC 27001:2013 

ISO 27001 is a standard developed by the International Organization for Standardization (ISO) and describes in detail how to manage corporate information security.

Who is required to have an ISO / IEC 27001:2013 audit? 

ISO/IEC 27001:2013 is optional to implement. But if a company wishes to demonstrate its infosecurity commitment to customers and partners, the ISO/IEC 27001:2013 certificate will prove that information security is organized at a high level and constantly being improved in the company.

How often do you need to have an ISO/ IEC 27001:2013 audit? 

An external audit is required once a year and a witness audit annually after the external audit.

Results of ISO/IEC 27001:2013 compliance certification 

    Completion of an audit report on the current state of ISMS with proposals for elimination of identified nonconformities
    Selection and approval of an information risk management procedure, and preparation of a risk assessment report
    Formulation and approval of a risk management plan
    Design of internal regulatory documents for ISMS support
    Completion of an ISMS internal audit report
    Development of ISMS implementation regulations
    Obtaining an ISO/IEC 27001:2013 compliance certificate

 Stages of service provision 

  • Preparation for a certification audit


    1. Definition and approval of the audit scope
    2. Conducting an audit of the current state of ISMS
    ● Compliance analysis of existing corporate regulatory and administrative IS documents (policies, regulations and instructions) required by ISO/IEC 27001:2013
    ● Interviewing company employees (third-party, if necessary) within the audit procedure
    ● Analysis of settings, composition and characteristics of hardware and software for information transmission and security
    3. Conducting information risk analysis
    4. ISMS regulatory documents development

  • Consulting support for ISMS implementation

     1. Design of internal regulatory documents for ISMS support
    2. Development of project plan packages for ISMS implementation based on existing information systems and business processes
    3. Advisory support for implementation of scheduled ISMS projects
    4. Development of a report based on the results of ISMS implementation analysis

  • Certification audit ISO/IEC 27001:2013

     1. ISMS internal audit report
    ● Development of the ISMS internal audit method
    ● Development of the ISMS internal audit plan
    ● Completion of a report based on the results of the ISMS internal audit
    ● Conducting an ISMS analysis by management staff
    ● Development of implementation regulations
    2. Selection of a certification body
    3. Advisory support for the ISMS certification procedure

Made with