ISO 27001:2013 – Information Security Management
The ISO 27001:2013 standard sets out the principles, terms and requirements related to information security management systems.
In today’s competitive business environment, information is constantly “threatened” by various sources. Therefore, there is a general need for an Information Security Policy for all organizations, the ISO 27001:2013 standard being intended to help organizations of any type and size to implement and operate an Information Security Management System.
By implementing ISO 27001:2013, organizations can develop a framework for managing the security of their information assets – including financial information, intellectual property and employee information – or information entrusted to the organization by customers or third parties.
The 2005 edition of ISO 27001 was revised in 2013. The main improvements aim the security controls – in order to ensure that the standard is maintained up to date, able to deal with current risks such as identity theft, risks related to mobile equipment and other online vulnerabilities, according to a press release from the International Organization for Standardization. At the same time, the new version of the ISO/IEC 27001:2013 standard allows an easy integration with any other management system.
The certification process
Click to see YOUR CERTIFICATE issued by URS CERTIFICARI
The price of a certification according to 27001:2013 is established depending on the structure, size and field of activity of the organization.
Frequently Asked Questions
Certification is the verification of the compliance of management systems with the ISO reference standards.
This analysis is carried out by a certification body.
ISO is the abbreviation for the International Organization for Standardization based in Geneva.
This organization issues international standards called generic ISO.
Management system certifications according to ISO standards are valid for a period of 3 years.
In the third year, the recertification audit is performed, the organization thus entering a new 3-year certification cycle.
The audit is a systematic, independent and documented activity that aims to assess the extent to which certain requirements are met.
The audit should be seen as a tool for improvement and in addition to the objectives of any audit, the audit team should also consider identifying potential areas for improvement and shall document these in the form of recommendations in the audit report, along with other findings (nonconformities or identified weaknesses).
The certification audit is carried out in 2 stages:
- The analysis of the documentation and obtaining the necessary information regarding the field of the management system.
- The assessment of the Management System operation on site.
The verification of the implementation and operation of the management system in accordance with the reference standard, followed by the closure of non-conformities.
We consider the audit process as a comfortable, positive experience, oriented towards providing added value – it is a process of collaboration, cooperation and you are the customer. An effective audit process allows the management to evaluate their own efficiency in controlling the company in the desired manner.
- Sending the quotation.
- Signing the contract and agreeing on the payment method.
- Scheduling the audit date.
- The certification audit. Preparation of necessary reports.
- Verification of audit documentation and closure of non-compliances.
- The issue of the certificate.
- Surveillance audit I. It is found that the system is maintained and improved by a new audit no later than 1 year after the completion of the certification audit.
- Surveillance audit II. It is found that the system is maintained and improved by a new audit no later than 2 years after the completion of the certification audit.
- Recertification. In order to maintain continuity, the recertification audit must be carried out before the expiration of the certificates.
A standard is a document established by consensus and approved by a recognized body, which provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context. (according to ISO/IEC Guide 2:1996).
Certification according to ISO management systems or the Good Practice Guide in order to ensure the health of the customers is a voluntary process.
The Certification is a useful tool for the management of the company, which thus has the certainty of implementing the best practices in order to protect the health of the customers and employees.
- Accreditation and recognition at national and international level
URS Certificari performs audits and issues certificates with UKAS accreditation, EA-MLA member according to the ISO/IEC 17021:2011 accreditation standard.
The most professional ISO certification bodies are accredited by accreditation institutions recognized for their competence and performance worldwide. An example thereof is UKAS (The United Kingdom Accreditation Service). This accreditation clearly certifies that the certification body carries out activities in the most professional way possible.
For Romania, there is RENAR, the institution that accredits certification bodies in Romania, thus allowing for national recognition.
- Service quality.
The attitude and professionalism of the URS team are evaluated monthly by our clients.
Recommendation is one of the most important ways to promote ourselves. We consider the recommendation a powerful tool because it speaks about the trust that our clients have in the URS Certificari team and in the services provided.
The validity period of an ISO certificate is three years. In order to maintain continuity, the recertification audit must be carried out before the expiration of the certificates.
The organizations that grant certifications of compliance with international standards to third parties are themselves accredited by accreditation bodies (e.g., UKAS or RENAR Romania) and are therefore called Accredited Certification Bodies.
The accreditation means that certification bodies have in turn been assessed in regard to internationally recognized standards, in order to demonstrate their competence, impartiality and performance.
The accreditation allows to distinguish a competent assessor who ensures that the choice of a certification or inspection body is a well-documented one. An accredited certification body can prove to their customers that they meet the requirements of the international accreditation standards. The result is a reduced risk of a customer choosing and paying an incompetent assessor, or worse, being guided by results without any real basis.
The accredited ISO certification complies with the strictest requirements of the tenders and is recognized nationally and internationally.