DIN EN ISO/IEC 27001:2017 Information technology - Security techniques - Information security management systems - Requirements
Today, information technology systems penetrate all areas of an organization. Especially critical business processes are usually unthinkable without information technology. But this also increases the risks of data loss, theft of confidential data or damage to important systems.
The ISO/IEC 27001 is the leading international standard for information security management systems. It applies to private and public enterprises as well as non-profit organizations and defines the requirements for the establishment, implementation, maintenance and continuous improvement of an information security management system.
Through its high-level structure, the information security management system can be fully integrated into an existing management system, e.g. according to ISO 9001:2015.
This standard provides a systematic, structured approach
- to increase the availability of your own information technology systems, including existing data and information,
- to protect the integrity of existing information,
- to ensure the confidentiality of existing data and their protection against unauthorized access, as well as
- to ensure the authenticity of information.
Organizations of all sizes and industries can provide evidence through certification by an accredited certification body such as DeuZert®,
- to ensure continuous information security according to the Plan-Do-Check-Act cycle,
- to recognize and control risks and thus to achieve continuous improvement,
- to protect confidential data as well as
- to meet external requirements for the availability, integrity and confidentiality of information, e.g. of accountants.
The DeuZert® certificate according DIN EN ISO/IEC 27001:2017 is an effective and confidence-building instrument
- to improve one's own competitiveness,
- to create trust with customers and thus generating higher business opportunities as well as
- to be able to demonstrate an effective information security management system when awarding public contracts.
DeuZert® can offer favorable financial conditions despite the use of long-term experienced auditors, also with international reputation.
The procedure of the DeuZert® certification provides:
- Offer based on a standardized questionnaire
- Mandating the certification
- Formal application for certification
- Optional pre-audit
- Planning the certification audit
- Stage 1 audit as a priority documentation check for certification ability
- Stage 2 audit with final audit report
- Decision on certification in the DeuZert (R) Certification Committee
- Certificate issue for three years
- two calendar-year surveillance audits from the following year
- Re-certification audit with an extension of the certificate for another three years [on request]
The following references can be used to request an offer.
Please, contact our customer service for further information.
Additional information
DIN EN ISO/ IEC 27001:2017 includes requirements for an information security management system that indirectly contributes to information security.
The standard is very generic, so to be applicable to all organizations regardless of type, size and business area. The requirements have a low level of technical detail, but the process requirements are well defined.
ISO/IEC 27001:2022 Information security, cybersecurity and privacy - Information security management system - Requirements was released in October 2022.
Current status: 26/10/2022