Secure Your Business




“Keep it simple:
As secure as possible
and still easy to handle.”

Mag. Krzysztof Müller,
Information Security Representative, Telekom Austria

Case Study: In six steps to certification




The procedure of a certification process for information security according to ISO/IEC 27001 and/or IT service management according to ISO/IEC 20000 is broken down into three project phases. This procedure also applies to integrated management systems with combined audits. During implementation, sector- and topic-specific supplementary standards of the ISO 27k series offer practice-oriented support.



Information: An initial interview with CIS furnishes details about the certification process. This is followed by registration and project planning.



Analysis: Evaluation of the individual requirements and assessment of existing measures according to ISO 27001 and/or ISO 20000 within the company. CIS as an independent Certification Body is not involved.


Implementation: Establishing measures according to the requirements placed by the specific standard. CIS as an independent Certification Body is not involved.



CIS Stage Review (voluntary preliminary review): Upon request, CIS will review the usefulness and efficiency of the implemented elements in the course of the project.


CIS System & Risk Review (preliminary review): CIS reviews the interpretation of the requirements placed by the standard as well as the documentation. Deficiencies and opportunities for improvement will be laid down in a short report. This preliminary review provides a basis for the certification audit.


CIS Certification Audit: The CIS Auditor reviews the management system by taking multiple samples on all levels of the organization. The audit report shows opportunities for improvement.



CIS Licence: By obtaining the “Certificate Issuance & Right to Use Licence”, you obtain the CIS Certificate, which makes the quality of the ISMS and/or ITSMS visible even to your customers.


CIS Surveillance Audit: The Surveillance Audit, which is conducted once a year, reviews the effectiveness of the overall management system as well as continual improvement.


CIS Recertification Audit: After 3 years, the expired Certificate can be renewed.






CIS - Certification & Information Security Services GmbH T +43 (0)1 532 98 90 office@cis-cert.com