ISO 27001:2013 - Information Security Management




ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards, of which the last version was published in 2013, with a few minor updates since then.[1] It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. Protecting your organisation's information is critical for the successful management and smooth operation of your organisation. Achieving ISO 27001 will aid your organisation in managing and protecting your valuable data and information assets. This standard helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. Achieving accredited certification to ISO 27001 provides an independent, expert assessment that information security is managed in line with international best practice and business objectives. ISO 27001:2013 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.

What is an ISMS?

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.

Certification Process


The certification process includes the following major steps. For further details, see the procedure for the certification system in the download section.


  1. Application/Enquiry
    Client submits the application form to KBS (Application for Certification).
  2. Review of Application by KBS
    KBS reviews the application to check if the requisite services can be provided and accordingly prepares the quotation/ estimate and the contract (Certification audit contract).
  3. Audit planning
    Once the contract is signed, KBS prepares the audit programme and informs the client.
  4. Assessment
    Initial certification includes a two-stage assessment. Recertification includes only one stage. The assessment is carried out by the audit team at the client's sites against the applicable criteria. A report is provided to the client identifying the compliance level, including any non-conformities.
  5. Verification of Non-conformities
    The client submits the implemented or proposed corrective action, depending on the classification of the non-conformity. KBS reviews the actions.
  6. Certification Decision
    KBS takes the certification decision based on the report submitted by the audit team. If the decision is to grant certification, a certificate is issued to the client.
  7. Surveillance assessment
    Surveillance assessments are held at the periodicity defined and agreed. The first surveillance is held within 12 months of the date of the stage 2 audit. The certificate is maintained based on the outcome of the surveillance audit and continued compliance with the requirements. The first surveillance is held within 12 months of the certification decision date.
  8. Recertification
    Before expiry of the certificate, recertification is planned and conducted.