BENEFITS, REQUIREMENTS AND THE CERTIFICATION PROCESS
In the course of digital transformation, the security of information is becoming an increasingly urgent topic for companies. Without adequate security precautions, data loss and data theft by hackers, business downtime due to internet attacks or data misuse are a constant threat. One option for a structured approach is an information security management system (ISMS) according to ISO 27001, which creates a framework for protecting operational data and its confidentiality. At the same time, the international standard ensures the availability of the IT systems involved in the company processes. An ISO 27001 certification is an objective external evaluation of the implementation and effectiveness of the ISMS.
Coordinated by the European Committee for Standardization (CEN), DIN EN ISO/IEC 27001:2017-06 combines the two corrections (Corrigenda) Cor 1:2014 and Cor 2:2015. The changes associated with the correction only contain an improved description of the associated requirements, but no new, additional requirements. Certificates based on the 2013 version therefore remain valid.
The internationally valid ISO 27001 standard for information security management systems applies worldwide. It provides organizations of all sizes and sectors with a framework for planning, implementing and monitoring information security. The requirements are applicable generally and suitable for private and public companies as well as non-profit institutions. We would be happy to help you if you want to have the information security of your company or organization certified.
According to the German Federal Office for Information Security (BSI), companies that belong to a Critical Infrastructure Sector (KRITIS) and exceed a certain threshold value must provide proof of precautions taken to ensure information security. Critical infrastructure sectors include energy, water, health, finance and insurance, food, transport and traffic, information technology and telecommunications. Corresponding proof of implementation may be provided through security audits, tests or certification. For this purpose, either recognized standards such as ISO 27001 or, alternatively, BSI-recognized industry-specific security standards (B3S) may be used as a basis for auditing.
Even though the ISO 27001 audit must be carried out according to structured criteria, the costs depend on various factors, including the complexity of your company. For this reason, no package offer can be made that suits every company. Among other things, the following four criteria are the basis for determining the costs of certifying your ISMS according to ISO 27001. Depending on how each criterion is assessed, a reduced, normal or increased audit effort forms the basis of the calculation.
1. How complex is your information security management system?
Here we take into account the critical assets of your company (e.g. patents, personal data, facilities, processes). The time and effort needed for the audit is primarily based on the information security requirements and to what extent confidentiality, integrity and availability are affected:
2. What is the core business of your company within the scope of the ISMS?
At this point, the risks associated with your business processes play an important role in determining the necessary audit effort. Legal requirements are taken into account as well as complex, individual customer requirements.
3. Which are the main technologies and components used in your ISMS?
During the audit, the technology and the individual components of your ISMS will be examined. This includes IT platforms, servers, databases, applications and network segments. As a rule: the higher the proportion of standardized systems and the lower the complexity of your IT, the lower the effort and the lower the costs for an ISO 27001 certification may be.
4. What is the percentage of in-house developments in your ISMS?
If there is no internal development and you mainly use standardized software platforms, the effort of an assessment is lower. If your ISMS is characterized by intensive use of proprietary software that is used for central business areas, the effort for certification will be higher.
In order for us to be able to give you an overview of the costs for an ISO 27001 certification, we need precise information about your business model and the scope of your ISMS in advance. This will enable us to provide you with a customized offer. Please contact us directly here; your personal contact person will advise you.
In order to certify an information security management system, the respective certification body itself must be accredited according to ISO/IEC 17021 and ISO/IEC 27006. ISO/IEC 17021 regulates conformity assessment topics, especially requirements for institutions that audit and certify management systems. ISO/IEC 27006 defines strict requirements which certification bodies must comply with for the assessment and certification of an ISMS according to ISO 27001.
These include:
No matter which industry your company is active in, you can rely on the extensive expertise of DQS auditors. They have many years of experience in the evaluation of information security and other management systems for different industries.
DQS GmbH is accredited by the German Accreditation Body DAkkS and thus authorized to conduct audits and certifications according to ISO 27001.
Each certification is planned individually, tailored to the circumstances and goals of your company. In our audits you will receive valuable input with which you may further develop your system and increase the performance of your organization. We take a close look at the processes and your management system.
This is what our customers say:
"With every audit and every potential for improvement we receive new insights and benefit from the many years of experience of our DQS auditors".
Tobias Hauk, Head of Integrated Management Systems at Rudolph Logistics
We would be happy to send you an overview of the costs for an ISO 27001 certification. Request the offer now and your personal contact will get in touch with you and advise you.