Once an organization has implemented ISO/IEC 27001, the logical next step is certification in order to demonstrate compliance for its information security management system (ISMS). At the request of industry, IECQ is providing a worldwide certification system for one of the world’s best known and most trusted information security standards.
Although ISO/IEC 27001 certification has been around for some time, the lack of harmonization has resulted in different interpretations of the standard, with many certification bodies offering their own individual certificates. IECQ was regarded as the organization best placed to offer a consistent approach.
ISO/IEC 27001 specifies the requirements for implementing, maintaining and continually improving an ISMS. It includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
The requirements set out in ISO/IEC 27001 are generic and intended to be applicable to all organizations, regardless of type, size or nature. The standard makes recommendations regarding leadership, commitment and policies, as well as actions to address risks and opportunities.
It’s a common misconception that ISO/IEC 27001 deals only with cyber security. In fact, ISO/IEC 27001 goes much further than cyber security and covers the overall management of information.
This includes both information on an organization’s own operations and information from external sources, such as suppliers and customers. A management system that meets ISO/IEC 27001 will look at overall security features such as:
– are there locks on the front doors?
– who can have keys and how is the allocation of keys/passwords to enter the building managed?
– under what conditions can external organizations have access into the building, e.g. cleaners, service organizations, essential services, etc.?
– is there a policy to lock up files overnight to prevent security staff and cleaners from seeing sensitive information on desks?
– how are old records – both paper and electronic – disposed of?
– what happens with the hard drives of computers that are discarded and replaced by newer ones?
ISO/IEC 27001 is now part of the IECQ Approved Process (AP) scheme, which provides for the independent assessment and issuing of an international IECQ certificate of conformity for organizations that have demonstrated compliance with the relevant standards and/or specifications. IECQ ISMS facility assessments under the IECQ AP scheme ensure a focus on the key technical and administrative elements that provide confidence that the requirements of ISO/IEC 27001 have been met.
IECQ is a worldwide approval and certification system that covers the supply, assembly, associated materials and processes of a large variety of electronic components used in millions of devices and systems. IECQ provides manufacturers with independent verification that the requirements in IEC International Standards and other specifications are met by suppliers who hold an IECQ certification.