ISO 27001 Standard

The ISO 27001 standard is the standard for information security, used and accepted worldwide. The standard describes how you can handle information security process-wise and which requirements you need to meet. Setting up the information security management system according to this standard gives you the opportunity to have it independently tested and certified. 
Certification against this standard demonstrates that you have a working information security management system. Our customers use ISO 27001 certification, for example, as a signal to organisations they work with. Moreover, the certification is a requirement in many tenders.

Where can you buy the ISO 27001 standard?

The ISO 27001 standard is available exclusively from the NEN. The standard contains requirements on establishing, implementing, maintaining and continuously improving the information security management system. The requirements in this standard are suitable for all organisations. 

Certification against the ISO 27001 standard

To obtain certification, an ISO 27001 audit is required first. This is where DigiTrust can help you. Our certification process has a number of logical steps.

1. Pre-audit (optional)
During the Pre-audit, we check whether you are ready for certification. What is the status of the management system? Are there any issues that may not be in order? Together with you, DigiTrust can determine which topics should be covered during this pre-audit. We also determine the duration together. Usually this is between 2 and 4 days for a good picture of the management system and all control measures. After each pre-audit, DigiTrust provides you with a clear audit report, detailing where you may not yet be working in accordance with the ISO 27001 standard requirements.
Tip; this is a frequently chosen option. It really gets you started in the process and immediately gives you a good idea of where you stand as an organisation.

2. Initial certification
DigiTrust tests whether the system works and functions according to the requirements from ISO 27001. This assessment also includes the review of all operations at your office as well as at the implementation site. The initial certification consists of 2 parts. The phase 1 and phase 2 audit.
During the phase 1 audit, we take an outline look at your management system (ISMS) and whether you are really ready for the phase 2 audit. We will also create the audit plan together for the phase 2. Who do we need when.
During the phase 2 audit, we test the ISMS and all management measures.

3. Issue certificate
In case of a positive assessment, the auditor will nominate the organisation for certification. The certification manager will do a quality check on the file. If everything is in order, you will receive the ISO 27001 certification.

If you wish or like it, we can also come and present the certificate at your premises.