ISO 27001:2013 Certification
Optimize information processing with ISO 27001
ISO 27001 - Information Security Management System (Information Security) is a management standard. It is not a technical standard in the «IT technician» sense, even though it covers the management of IT security aspects.
The ISO 27001 Information Security Management System applies to all information, however it is processed (by computer or on paper).
The certificate is issued exclusively against the international reference standard ISO/IEC 27001:2013. The UNI CEI ISO/IEC 27001:2017 standard incorporates two corrigenda with respect to UNI CEI ISO/IEC 27001:2014.
This applies at the national level, to the standards translated into Italian by UNI. The international ISO version has not been updated and remains ISO/IEC 27001:2013.
Advantages for the company that certifies itself
> Request for an offer from the customer interested in certification
> Acquisition of all the information necessary for the certification and issue of the offer by AX-REGISTER
> Acceptance of the offer by the customer
> Analysis of any gaps and assessment of the current compliance of the ISMS with the regulatory requirements
> Verification aimed at evaluating the implementation of the principles and structure of the Management System (applicable legislation and regulations, security policy, risk analysis, Statement of Applicability (SoA), clear and consistent definition of the purpose, risk treatment plan)
> Verification aimed at evaluating the adequate and effective implementation of the Management System, through techniques that involve the analysis of documents, observations and interviews with personnel.
> This verification is aimed at issuing the certificate
> Audit carried out annually after certification, to check continuous improvement
> The Renewal Audit is carried out after three years following a complete verification or continuous evaluation over time.