ISO 27001

Overview

ISO 27001, Information Security Management Systems, is applicable to all types of organizations, including commercial enterprises, government agencies and not-for-profit organizations. It describes the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system. ISO 27001 encompasses an organization's overall business risks and specifies requirements for the implementation of security controls.

For more information, call toll free (U.S. only) 888.673.9000, ext. 6881 or worldwide +1 734.827.6881 or email information@nsf-isr.org.

Benefits of Certification

As your business grows, the security risk to your information assets also grows. ISO 27001 describes the internationally accepted model for an information security management system (ISMS).

A certified ISO 27001 ISMS is a business tool that reduces risk to your information assets by:

  • Systematically examining your organization's security risks, including impacts, threats and vulnerabilities
  • Integrating your organization's information security/information technology programs
  • Providing one platform for managing compliance with security-related regulations, such as Sarbanes-Oxley (SOX) and the Department of Health and Human Services privacy rules (HIPAA)
  • Aligning information security with your overall business objectives

Why Work With NSF?

NSF-ISR has information security expertise. We have the technical expertise and auditing experience to give your organization practical ideas for risk reduction. We will provide you with:

  • Business-Focused Auditing – Our process is about making sure you meet internal business goals and objectives, customer requirements and conformance to the standard.
  • Auditor Continuity – We assign auditors to your organization on a long-term basis.
  • Audit Consistency – Our stringent auditor training and ongoing evaluations ensure audit consistency.
  • Customer Focus – Our award-winning customer service team helps plan, schedule and assist throughout the certification process.

Certification ultimately assures your senior management, clients and stakeholders that the risk to your ISMS is being effectively managed. Let NSF-ISR certification of your information security management systems bring your organization that sense of security you need to operate in a world of uncertainty.

Certification Process

The NSF-ISR ISO 27001 management systems certification process consists of these steps:

  1. Application and Contract – Your company submits an application and signs a contract (master agreement).
  2. Audit Team Assignment – NSF-ISR assigns an auditor team.
  3. Document Review – We perform a document review (when required) for the management system (MS) and issue a report of conformance or nonconformance.
  4. On-Site Readiness Review (ORR-Stage 1 Audit) – As the first stage of the certification process, NSF-ISR verifies readiness of the MS to continue with the certification process.
  5. Certification Audit (Stage 2) – Our audit team conducts an on-site audit to verify conformity to the specified standard.
  6. Independent Review – A certification board reviewer recommends the final certification/recertification decision.
  7. Notification of Certification – We notify your organization in writing, issue the certificate and publish the certification in our online listings.
  8. Surveillance Audits – NSF-ISR performs semiannual or annual audits to verify the MS is being maintained.
  9. Reassessment – NSF-ISR performs reassessment audits in accordance with requirements.
