HOW TO GET ISO 27001 CERTIFIED
Two types of ISO 27001 certificates exist: (a) for organizations, and (b) for individuals. Organizations can get certified to prove that they are compliant with all the mandatory clauses of the standard; individuals can attend the course and pass the exam in order to get the certificate.
For an organization to become certified, it must implement the required standards and then go through the certification audit performed by the certification body. The certification audit is performed in the following steps:
- Stage 1 audit (Documentation review) – the auditors will review all the documentation.
- Stage 2 audit (Main audit) – the auditors will perform an on-site audit to check whether all the activities in a company are compliant with ISO 27001 and with ISMS documentation.
- Surveillance visits – after the certificate is issued, during its 3-year validity, the auditors will check whether the company maintains its ISMS.
Individuals can go for several courses in order to obtain certificates – the most popular are:
- ISO 27001 Lead Auditor Course – this course will teach you how to perform certification audits and it is intended for auditors and consultants.
ISO 27001 Internal Auditor Course – this course will teach you the basics of the standard and how to perform an internal audit – it is intended for beginners in this topic and for internal auditors.