ISO IEC 27001 certification mark

Adding value with our service portfolio

Management system certification / Voluntary assessment

Basis for certification (certification standard):

International standard ISO IEC 27001 (requirements for information security management systems)

Owner of the standard:

International Organization for Standardization ISO

What does the ISO IEC 27001 standard cover?

The ISO IEC 27001 standard defines the requirements for a certifiable information security management system (ISMS) in an organisation. These include, among others:

  • The organisation has established an appropriate information security management system, including mechanisms for risk identification, self-assessment, preventive and corrective actions, and continual improvement.
  • The organisation has defined an achievable level of security for the information it processes.
  • As part of risk assessment and risk management, the organisation has identified and implemented appropriate measures to ensure information security.

  • What does “certification” and/or the issue of a certification mark for ISO 27001 by TÜV SÜD Management Service GmbH mean?
    • The customer has submitted to voluntary assessment (audit) according to defined criteria (certification standard).
    • A certificate and/or the authorisation to use a certification mark is only issued if the assessment (audit) does not reveal any major nonconformities with the requirements of the certification standard.
    • The certificates and/or certification marks are valid for a restricted period of time. Interested parties can check the validity of individual certificates in the certificate database of TÜV SÜD Management Service GmbH.
    • To maintain certificate validity, the certificate holder must annually complete an announced audit with a positive result.
    • Unannounced audits are possible in specific cases.
  • How do we audit?

    Independent and qualified experts (auditors) apply the following auditing techniques:

    • Document review:
      Evaluation of the organisation’s requirements and/or documentation to ensure the systematic control of all processes relevant for information security.

    • On-site audit:
      Verification, in the form of interviews and on-site inspection at the customer's premises, that the above requirements are effectively implemented in practice. Random on-site checks of processes based on records, such as available measurement results, minutes of meetings, training and qualification records, technical realisation, and records related to defined objectives and the resulting improvement projects.
  • What is beyond the scope of certification according to ISO 27001?
    • Certification according to ISO 27001 does not constitute product certification. Certification thus does not provide any direct statements on the quality of a product or service of the certified customer. Certification according to ISO 27001 does not mean that the company manufactures products or provides services of higher quality.
    • Certification according to ISO 27001 does not mean that a company's information / data cannot be lost, cannot be unlawfully altered or can be accessed at the right time, even though these are key objectives of the information security management system.
    • A certification does not confirm that the technical and organizational measures taken by the company are functioning without errors.
