DNV

ISO 27001 Information Security Management System

An ISO 27001 certificate demonstrates that you have taken the necessary precautions to protect sensitive information against unauthorised access and changes. ISO 27001 certificates are issued by a third-party certification body and prove that your information security management system has been certified against a best-practice standard and found compliant.
What is the ISO 27001 standard?
The ISO 27001 standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organisation’s information security management system.

ISO 27001 was established by the International Organization for Standardization (ISO). It has replaced BS 7799 and provides an international information security management system standard. Based on BS 7799, it has been reorganised to align with other international standards. Some new controls have been included, for example an emphasis on information security metrics and incident management.

The standard also draws upon other standards, such as ISO/IEC 17799:2005, the ISO 13335 series, ISO/IEC TR 18044:2004 and the OECD Guidelines for Security of Information Systems and Networks – Towards a culture of security, which provide guidance for implementing information security.
 
Alignment with other management system standards
ISO 27001 is aligned with other management systems, and supports consistent and integrated implementation and operation with related management standards.

Features of ISO 27001:
  • It is harmonised with management system standards such as ISO 9001 and ISO 14001.
  • It places emphasis on continual improvement of your information security management system.
  • It clarifies requirements for documentation and records.
  • It involves risk assessment and management processes using a Plan, Do, Check, Act (PDCA) process model.
Protecting your assets
The standard takes a comprehensive approach to information security. Assets that need protection range from digital information, paper documents, and physical assets (computers and networks) to the knowledge of individual employees. Issues you have to address range from competence development of staff to technical protection against computer fraud.

ISO 27001 will help you protect your information in terms of the following principles:
  • Confidentiality ensures that information is accessible only to those authorised to have access.
  • Integrity safeguards the accuracy and completeness of information and processing methods.
  • Availability ensures that authorised users have access to information and associated assets when required.

Where do I go from here?
For third-party certification, you need to implement an effective information security management system that complies with the requirements of the standard.

DNV Business Assurance is an accredited third-party certification body. We provide relevant training and certification services. See how you can get started on the road to certification.