- the independent German certification body for education and economy in a globalized world.

ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements

Today, information technology systems penetrate all areas of an organization. Critical business processes in particular are usually unthinkable without information technology. But this also increases the risks of data loss, theft of confidential data or damage to important systems.
ISO/IEC 27001:2013 is the leading international standard for information security management systems. It applies to private and public enterprises as well as non-profit organizations and defines the requirements for the establishment, implementation, maintenance and continuous improvement of an information security management system.
Through its high-level structure, the information security management system can be fully integrated into an existing management system, e.g. according to ISO 9001:2015.

This standard provides a systematic, structured approach

  1. to increase the availability of your own information technology systems, including existing data and information,
  2. to protect the integrity of existing information,
  3. to ensure the confidentiality of existing data and their protection against unauthorized access, as well as
  4. to ensure the authenticity of information.

Through certification by an accredited certification body such as DeuZert®, organizations of all sizes and industries can provide evidence of their ability

  • to ensure continuous information security according to the Plan-Do-Check-Act cycle,
  • to recognize and control risks and thus to achieve continuous improvement,
  • to protect confidential data as well as
  • to meet external requirements for the availability, integrity and confidentiality of information, e.g. those of accountants.

The DeuZert® certificate according to ISO/IEC 27001:2013 is an effective and confidence-building instrument

  • to improve one's own competitiveness,
  • to create trust with customers and thus generate greater business opportunities, as well as
  • to be able to demonstrate an effective information security management system when awarding public contracts.

DeuZert® can offer favorable financial conditions despite using auditors with many years of experience, including auditors with an international reputation.

The procedure of the DeuZert® certification provides:

  1. Offer based on a standardized questionnaire
  2. Mandating the certification
  3. Optional pre-audit
  4. Planning the certification audit
  5. Stage 1 audit, primarily a documentation check of readiness for certification
  6. Stage 2 audit with final audit report
  7. Decision on certification in the DeuZert® Certification Committee
  8. Certificate issue for three years
  9. Two surveillance audits, one per calendar year, starting in the following year
  10. Re-certification audit with an extension of the certificate for another three years [on request]

To request an offer and for further information, please contact our customer service.

Additional information

ISO/IEC 27001:2013 includes requirements for an information security management system that indirectly contributes to information security.
The standard is very generic so as to be applicable to all organizations regardless of type, size and business area. The requirements have a low level of technical detail, but the process requirements are well defined.

Current status: 01/08/2018