ISO 27001:2013 - Information Security Management
ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards, of which the latest version was published in 2013, with a few minor updates since then. It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. Protecting your organisation's information is critical for the successful management and smooth operation of your organisation. Achieving ISO 27001 will aid your organisation in managing and protecting your valuable data and information assets. This standard helps organisations keep information assets secure. Using this family of standards will help your organisation manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. Achieving accredited certification to ISO 27001 provides an independent, expert assessment that information security is managed in line with international best practice and business objectives. ISO 27001:2013 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining and improving your ISMS.
What is an ISMS?
An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.
The certification process includes the following major steps. For further details, see the Procedure for Certification System in the download section.
- Application for Certification
The client submits the application form to KBS.
- Review of Application by KBS
KBS reviews the application to check whether the requisite services can be provided and accordingly prepares the quotation/estimate and the contract (Certification audit
- Audit planning
Once the contract is signed, KBS prepares the audit programme and informs the client. Initial certification involves a two-stage assessment; recertification involves only one stage. The assessment is carried out by the audit team at the sites against the applicable criteria. A report identifying the level of compliance is provided to the client.
- Verification of Non-conformities
The client submits the implemented or proposed actions according to the classification of each non-conformity. KBS reviews the actions.
- Certification Decision
KBS takes the certification decision based on the report submitted by the audit team. If the decision is in favour of granting certification, a certificate is issued to the
- Surveillance assessment
Surveillance assessments are held at the periodicity defined and agreed. The first surveillance takes place within 12 months from the date of the stage 2 audit. The certificate is maintained based on the outcome of the surveillance audit and compliance with
First surveillance within 12 months from the certification decision date.
Before expiry of the certificate, recertification is planned and conducted.