Secure Your Business
 

FROM IMPLEMENTATION TO CERTIFICATION

 


“Keep it simple:
As secure as possible
and still easy to handle.”

Mag. Krzysztof Müller,
Information Security Representative, Telekom Austria


Case Study: In six steps to certification

 

 

 

The certification process for information security according to ISO/IEC 27001 and/or IT service management according to ISO/IEC 20000 is broken down into three project phases. This procedure also applies to integrated management systems with combined audits. During implementation, sector- and topic-specific supplementary standards of the ISO 27k series offer practice-oriented support.

  

 
 

Information: An initial interview with CIS furnishes details about the certification process. This is followed by registration and project planning.

__________

 

Analysis: Evaluation of the individual requirements and assessment of existing measures according to ISO 27001 and/or ISO 20000 within the company. CIS, as an independent Certification Body, is not involved.

   

Implementation: Establishing measures according to the requirements of the specific standard. CIS, as an independent Certification Body, is not involved.

__________

  

CIS Stage Review (voluntary preliminary review): Upon request, CIS will review the usefulness and efficiency of the implemented elements in the course of the project.

  

CIS System & Risk Review (preliminary review): CIS reviews the interpretation of the requirements of the standard as well as the documentation. Deficiencies and opportunities for improvement are laid down in a short report. This preliminary review provides a basis for the certification audit.

 

CIS Certification Audit: The CIS Auditor reviews the management system by taking multiple samples on all levels of the organization. The audit report shows opportunities for improvement.


__________

  

CIS Licence: By obtaining the “Certificate Issuance & Right to Use Licence”, you obtain the CIS Certificate, which makes the quality of the ISMS and/or ITSMS visible even to your customers.

   

CIS Surveillance Audit: The Surveillance Audit, which is conducted once a year, reviews the effectiveness of the overall management system as well as continual improvement.

  

CIS Recertification Audit: After 3 years, the Certificate, which has expired, can be renewed. 

  

 

 

 


 
 
CIS - Certification & Information Security Services GmbH T +43 (0)1 532 98 90 office@cis-cert.com
