By: Gene Geiger, Partner of A-LIGN Security and Compliance Services
ISO 27001, published by the International Organization for Standardization, is a comprehensive information security standard that defines the processes and controls that should be in place for an information security management system (“ISMS”) to protect the sensitive data and technology in your environment. Once these processes and controls are implemented and the ISMS is up and running, you are ready to have them audited by an outside security company. The certification audit is performed by a certification body (“CB”), like A-LIGN, to assess the conformity of your ISMS with the documented standard.
When selecting a CB, you will need to understand the differences between an accredited and an unaccredited certification to ensure the report and associated certificate will meet your needs. An ISO 27001 certification audit can be performed by any information security company that understands ISO 27001, but not all certificates are created equal. With only 7 other U.S.-based information security companies accredited by the ANSI-ASQ National Accreditation Board (“ANAB”) to issue accredited ISO 27001 certificates, it is important to understand what sets us apart and why the accredited certificate we issue is important to you.
To become an accredited CB, the security company must first undergo a rigorous evaluation process. This process is in place to ensure the certification audit is performed in accordance with the International Organization for Standardization’s requirements for performing the audit. The evaluation process assesses the competence of the audit team, the audit methodology used by the company, and the quality control procedures in place to ensure a properly executed audit and subsequent report. By selecting an accredited ISO 27001 certification body, like A-LIGN, you know the audit will be performed properly and in accordance with the ISO standards.
In addition to understanding the differences between CBs, you will need to understand the differences between an accredited and an unaccredited certificate and their implications for you and your customers. If you are contractually obligated to become ISO 27001 certified, or if you are pursuing a certification to gain a competitive advantage in your industry, an accredited certificate may be required. An accredited certificate is issued with not only the seal of the CB but also the seal of the accreditation body. Each accredited certificate we issue carries the ANAB seal, which demonstrates to the reader that the certificate issued by A-LIGN complies with the ISO requirements for performing ISO 27001 certification audits. Accredited certificates are accepted worldwide and will be accepted by your customers and potential customers as a valid demonstration of the conformity of your ISMS with ISO 27001.
At the end of the audit, you want to receive the biggest bang for your compliance buck spent on the audit. You want to meet or even exceed the expectations of your customers and potential customers with regard to the security, confidentiality, and availability of the data in your systems. You can meet both of these goals through an accredited certification from A-LIGN. If you have any questions or would like to learn more about ISO 27001 or the certification process, please contact one of our security professionals at 888-702-5446 or via email at [email protected].