ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards. ISO 27001 provides an internationally recognized methodology for implementing, managing and maintaining information security. By achieving ISO 27001 certification, organizations demonstrate that their Information Security Management Systems (ISMS) are compliant with the requirements of ISO/IEC 27001 and assure customers of the security of their systems.
ControlCase offers a Triennial Certification Methodology consisting of a 2-stage Certification Audit phase and Surveillance Audits performed in years 2 and 3. The certification stage begins with a Stage I audit. Upon completion of the Stage I audit, the audit results will be documented in a report detailing the findings and any areas of concern, as well as the organization’s readiness for the Stage II audit. Upon completion of the Stage II audit, the results will be documented in a report detailing the organization’s compliance with the requirements of the ISO/IEC 27001:2013 standard and a recommendation for ISO/IEC 27001:2013 certification.
The surveillance audits in years 2 and 3 are on-site audits assessing the certified client’s management system’s fulfillment of specified requirements with respect to the standard. These are not necessarily full system audits, but they provide confidence that the certified management system continues to fulfill all requirements.
After year 3, the cycle starts again.