ISO 27001 certification

Demonstrate your information security with ISO 27001 certification.

ISO 27001 is the international standard for establishing, implementing, and continuously
improving an Information Security Management System (ISMS).

With certification, you demonstrate that you systematically manage risks and that the
confidentiality, integrity, and availability of information are guaranteed.

Brand Compliance conducts ISO 27001 audits under accreditation.


What is ISO 27001 certification?

ISO 27001 is the international standard for information security. ISO 27001 certification, also known as ISMS (Information Security Management System) certification, demonstrates that you meet the information security requirements of this standard. Information security is crucial for several reasons.

It ensures that:

  • Confidential information remains protected and is only accessible to authorized individuals (confidentiality);
  • Information is accurate and complete, and has not been modified or altered (integrity);
  • Information is available to the people who need it, when they need it (availability).

Many sectors and regulations require companies to secure certain types of information. Failure to do so can result in legal and financial consequences. Furthermore, an information security breach can damage a company’s reputation and undermine customer trust, which is often difficult to repair.

What are the requirements for ISO 27001?

ISO 27001 describes the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

The key requirements of ISO 27001 are:

  • Context analysis: The organization must understand its internal and external environment to determine the scope and objectives of the ISMS.
  • Risk assessment and risk treatment: The organization must identify risks that could affect information security and implement appropriate measures to manage these risks.
  • Security controls: The organization must implement, regularly evaluate, and update appropriate security measures.
  • Management responsibility: Top management must provide resources and support for the ISMS and be actively involved in its implementation.
  • Performance evaluation: The organization must regularly evaluate the performance of the ISMS to make improvements.
  • Continuous improvement: The organization must continually strive to improve information security and meet the changing needs of stakeholders.

How can I obtain ISO 27001 certification?

To obtain ISO 27001 certification, you can take the following steps:

  1. Acquire the ISO 27001 standard through, for example, the NBN.
  2. Schedule a free, no-obligation introductory meeting with one of our account managers to learn more about the certification process for your organization.
  3. Acquire the necessary knowledge about ISO 27001, for example, by taking a training course through our BC Academy.
  4. Implement the ISO 27001 management system in your organization and ensure it meets the standard’s requirements.
  5. Conduct internal audits to verify that the system is functioning properly and meets the standard’s requirements.
  6. Have management review the results of the internal audit and take corrective action if necessary. This should be documented in a management review.
  7. Have an independent auditor from Brand Compliance verify that your system meets all ISO 27001 standard requirements.
  8. If your organization meets the requirements, you will receive an ISO 27001 certificate.

How much does ISO 27001 certification cost?

Implementation begins with the purchase of the ISO 27001 standard. The cost of the entire process depends on various factors, such as the complexity of the processes, the number of shifts, the extent to which your organization already meets the standard's requirements, the number of employees, and the number of locations.

The cost of certification is based on the number of hours Brand Compliance requires for preparation, the audit itself, the reporting, and additional costs such as the certificate, administration, and travel expenses.

The quickest way to calculate the cost is to schedule an introductory meeting.

The value of ISO 27001 certification

In short, information security is crucial for:

  • protecting sensitive data
  • maintaining customer and partner trust
  • complying with laws and regulations

ISO 27001 certification is therefore invaluable. It allows you to demonstrate to your stakeholders that your information security meets strict standards.

Brand Compliance can perform this certification for you under BELAC accreditation.


What is the difference between ISO 27001 and ISO 27002?

ISO 27001 is a management system standard that describes how an organization can implement its ISMS in a process-oriented manner. This process must comply with the PDCA cycle and include a risk analysis. ISO 27002 supplements ISO 27001 and addresses the specific measures required for effective information security.

What is the difference between ISO 27001 and ISO 9001?

ISO 27001 is an international standard for information security that focuses on implementing an information security management system. ISO 9001, on the other hand, is the global standard for quality management, focusing on establishing an internal quality management system.

What other standards are there in the ISO 27000 family?

The ISO 27000 series encompasses all standards related to information security. ISO 27001 and ISO 27002 are the most well-known, but only ISO 27001 is certifiable. Other standards are extensions for specific domains, such as cloud services (ISO 27017), network security (ISO 27033), and healthcare (ISO 27799).

How long is an ISO 27001 certificate valid?

An ISO 27001 certificate is valid for three years and follows a cycle. During these three years, surveillance audits are conducted to verify the organization's continued compliance with the standard. After three years, recertification is required, and if the recertification audit is successful, the certificate is extended for another three years.