
Certification of Information Security Management System

To confirm that an Information Security Management System (ISMS) conforms to the requirements of the international standard ISO 27001, and that it is adequate to the risks, businesses use the procedure of voluntary certification.

GlobalTrust, together with the Russian branch of BSI, offers Russian companies ISMS certification against the requirements of ISO 27001. As a consultant with BSI Registered Member status, GlobalTrust helps organizations prepare for the certification procedure according to the approved BSI methodology.

Accredited certification to ISO/IEC 27001 demonstrates to existing and potential customers that an organisation has defined and put in place best-practice information security processes.

ISO 27001 certification, like other ISO management system certifications, usually involves a three-stage external audit process defined by the ISO/IEC 17021 and ISO/IEC 27006 standards:

  • Stage 1 is a preliminary, informal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization's information security policy, Statement of Applicability (SoA) and Risk Treatment Plan (RTP). This stage serves to familiarize the auditors with the organization and vice versa.
  • Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO 27001. The auditors will seek evidence to confirm that the management system has been properly designed and implemented, and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS). Certification audits are usually conducted by ISO/IEC 27001 Lead Auditors. Passing this stage results in the ISMS being certified compliant with ISO/IEC 27001.
  • Ongoing involves follow-up reviews or audits to confirm that the organization remains in compliance with the standard. Certification maintenance requires periodic re-assessment audits to confirm that the ISMS continues to operate as specified and intended. These should happen at least annually but (by agreement with management) are often conducted more frequently, particularly while the ISMS is still maturing.

ISO 27001 certification fully justifies the time and resources invested in the procedure. The certified organization gains a number of competitive advantages.

  • First, official registration of the organisation's ISMS in the register of authoritative bodies strengthens the company's image and raises interest from potential clients, investors, creditors and sponsors.
  • Secondly, successful certification widens the company's field of activity, because it makes it possible to take part in tenders and business development at the international level.
  • In the most sensitive areas, such as finance, holding a certificate of conformance to ISO 27001 is starting to appear as a mandatory requirement. Some Russian companies already face these limitations.
  • It is also very important that the certification procedure has a serious motivating effect on company staff: employee awareness rises, and shortcomings and nonconformities in the ISMS come to light and are eliminated more effectively, which in the long term means a lower average damage from security incidents for the organisation.

Some other benefits of ISO 27001 are:

  • Keeps confidential information secure
  • Provides customers and stakeholders with confidence in how you manage risk
  • Allows for secure exchange of information
  • Allows you to ensure you are meeting your legal obligations
  • Helps you to comply with other regulations (e.g. SOX)
  • Provides you with a competitive advantage
  • Enhanced customer satisfaction that improves client retention
  • Consistency in the delivery of your service or product
  • Manages and minimises risk exposure
  • Builds a culture of security
  • Protects the company, assets, shareholders and directors

GlobalTrust experts help clients at all stages of certification, including the final audit of the ISMS. The Russian branch of BSI, as an international certification body, carries out the pre-certification and certification audits and registers companies in the uniform register.