- the independent German certification body for education and economy in a globalized world.

DIN EN ISO/IEC 27001:2017 Information technology - Security techniques - Information security management systems - Requirements

Today, information technology systems penetrate all areas of an organization. Especially critical business processes are usually unthinkable without information technology. But this also increases the risks of data loss, theft of confidential data or damage to important systems.
The ISO/IEC 27001 is the leading international standard for information security management systems. It applies to private and public enterprises as well as non-profit organizations and defines the requirements for the establishment, implementation, maintenance and continuous improvement of an information security management system.
Through its high-level structure, the information security management system can be fully integrated into an existing management system, e.g. according to ISO 9001:2015.

This standard provides a systematic, structured approach

to increase the availability of your own information technology systems, including existing data and information,
to protect the integrity of existing information,
to ensure the confidentiality of existing data and their protection against unauthorized access, as well as
to ensure the authenticity of information.

Organizations of all sizes and industries can provide evidence through certification by an accredited certification body such as DeuZert®,

to ensure continuous information security according to the Plan-Do-Check-Act cycle,
to recognize and control risks and thus to achieve continuous improvement,
to protect confidential data as well as
to meet external requirements for the availability, integrity and confidentiality of information, e.g. of accountants.

The DeuZert® certificate according DIN EN ISO/IEC 27001:2017 is an effective and confidence-building instrument

to improve one's own competitiveness,
to create trust with customers and thus generating higher business opportunities as well as
to be able to demonstrate an effective information security management system when awarding public contracts.

DeuZert® can offer favorable financial conditions despite the use of long-term experienced auditors, also with international reputation.

The procedure of the DeuZert® certification provides:

Offer based on a standardized questionnaire
Mandating the certification
Formal application for certification
Optional pre-audit
Planning the certification audit
Stage 1 audit as a priority documentation check for certification ability
Stage 2 audit with final audit report
Decision on certification in the DeuZert (R) Certification Committee
Certificate issue for three years
two calendar-year surveillance audits from the following year
Re-certification audit with an extension of the certificate for another three years [on request]

The following references can be used to request an offer.

Please, contact our customer service for further information.

Additional information

DIN EN ISO/ IEC 27001:2017 includes requirements for an information security management system that indirectly contributes to information security.
The standard is very generic, so to be applicable to all organizations regardless of type, size and business area. The requirements have a low level of technical detail, but the process requirements are well defined.

ISO/IEC 27001:2022 Information security, cybersecurity and privacy - Information security management system - Requirements was released in October 2022.

Current status: 26/10/2022

DeuZert® Deutsche Zertifizierung in Bildung und Wirtschaft GmbH

- the independent German certification body for education and economy in a globalized world.

DIN EN ISO/IEC 27001:2017 Information technology - Security techniques - Information security management systems - Requirements

Additional information

Externe Inhalte

Cookie-Einstellungen