
ISO/IEC 27001 Certification

Certified ISMS protecting your business

An effective information security management system (ISMS) helps your organisation manage information security risks in its IT and OT environments by protecting the confidentiality, integrity and availability (CIA) of your data and processes. The globally recognised ISO/IEC 27001 standard defines the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a state-of-the-art ISMS. Additional guidance on implementing the controls is provided by ISO/IEC 27002.

Certification according to ISO/IEC 27001 provides objective and credible evidence of the effectiveness of your ISMS and thereby builds the trust of your customers and other stakeholders. Experienced auditors set up tailored audit programmes and review the requirements regularly and in the most practical manner. You receive in-depth feedback on the conformity, maturity and improvement potential of your ISMS, helping you to continually improve confidentiality, integrity and availability.


Target groups for ISO/IEC 27001 certifications

ISO/IEC 27001 is deliberately generic and applicable to organisations of any kind in any sector, and so is certification against it.

Besides ISMS audits, TÜV NORD also offers certification according to many other standards, such as ISO 9001 for quality management, ISO/IEC 20000-1 for IT service management or ISO 22301 for business continuity management, which can be audited in a combined or even integrated programme.

Advantages of ISO/IEC 27001 certifications

  • Better risk management in IT and OT environments:
    avoidance of security incidents, costs and harm
  • Improved confidentiality, integrity and availability (CIA) of data and processes
  • Higher cost effectiveness of your experts
    by doing the "right" thing, and doing it right
  • Motivated experts and employees who live the ISMS
    and bring continual improvement and state-of-the-art processes
  • Trustworthy feedback from very experienced auditors,
    leading to a valuable certificate from a globally renowned certification body
  • Demonstrable compliance: improved stakeholder trust and reputation

 

Audit process for ISO 27001 certification

01 Enquiry, bid preparation & clarification

02 Contracting, individual scheduling & audit planning

03 Audit: understanding the organisation & determining readiness for certification

04 Assessment of conformity & maturity as well as identification of potentials for improvement

05 Four-eye certification check & decision

06 Issuance of certificate

07 Continual improvement of the management system

Important information regarding the revision of ISO/IEC 27006-1:2024

In March 2024, ISO/IEC 27006 was revised and published as ISO/IEC 27006-1:2024. This standard specifies the requirements for bodies that audit and certify information security management systems based on ISO/IEC 27001.

After the end of the transition period, any certification according to ISO/IEC 27001 must be based exclusively on the new revision ISO/IEC 27006-1:2024. Neither the validity nor the expiry date of existing certificates is affected by the changes in ISO/IEC 27006-1:2024. The International Accreditation Forum (IAF) has set a two-year transition period together with some transitional arrangements.

Everything you need to know about the ISO/IEC 27006 revision is summarised in our customer information document (PDF).

Climate change – additions to management system standards

In a joint communiqué in February 2024, the International Accreditation Forum (IAF) and the International Organization for Standardization (ISO) explained the amendments to various management system standards. The statement emphasises the importance of taking climate change into account in the respective management systems.

Clauses 4.1 (understanding the organisation and its context) and 4.2 (understanding the needs and expectations of interested parties) of the respective standard are affected. The amendments are intended to ensure that organisations consider climate change issues alongside all other aspects relevant to the effectiveness of their management systems.

Further details are provided in our customer information document (PDF).

FAQs about the ISO 27001 audit

ISO/IEC 27001 defines requirements for establishing, implementing, operating, monitoring and documenting your ISMS, taking into account the applicable legal, regulatory and contractual obligations.

Risks to your organisation, including cyber attacks and other disruptions that cause unplanned process interruptions or even bring business operations to a standstill, are identified, analysed and treated with appropriate measures.

The Plan-Do-Check-Act (PDCA) cycle underlying ISO/IEC 27001 drives continual improvement of all of this.

Because it follows ISO's harmonised high-level structure for management system standards, the information security standard can also be fully integrated into an existing management system according to ISO 9001 or ISO 14001.

If you wish to be certified to ISO/IEC 27001, you must have implemented an information security risk management process in your organisation, including the identification, analysis, evaluation and treatment of risks, and you must have documented which controls are applicable in a Statement of Applicability.

The certification is aimed at organisations and companies from all sectors in which IT security plays a role - from the manufacturing industry and retailers to service providers and utilities.

TÜV NORD also offers internal and external service providers of IT services certification in accordance with ISO 20000-1 for efficient IT service management.

ISO/IEC 27001 is not limited to IT processes; it also covers organisational aspects such as governance, personnel and physical premises. After all, information security is becoming an increasingly important competitive factor.

This applies in particular to operators of critical infrastructures (KRITIS), who are obliged by the German BSI Act (BSI-Gesetz) to ensure a minimum level of IT security.

Would you like to learn more about ISO 27001 certification? Please feel free to contact us.
