Information security policy: ISO 27001

Dec 01, 2022 Audit

Organisations hold an enormous amount of information, much of it confidential and privacy sensitive, so it must not be allowed to become public. If it does, the consequences can be far-reaching. As a business owner, you must therefore implement proper protection for all the information your company holds. Would you like to demonstrate that your organisation does indeed handle information securely? An ISO 27001 certificate shows that your information security policy is in order. This blog explains what the ISO standard entails and how complying with it strengthens your organisation. You will also learn how to obtain the ISO 27001 certificate and how DEKRA can assist you with this.

What is the ISO 27001 information security policy?

ISO 27001 is a globally recognised standard for information security. Certifying against it helps you implement a sound information security strategy for your organisation. In doing so you meet not just the legal requirements, but also the expectations of customers, employees and other stakeholders.

Why does ISO 27001 ensure a good information security policy?

You can consider ISO 27001 as a means of getting your information security policy in order. But why is it so important? And what benefits does it bring?

How do I obtain ISO 27001 certification?

If you have DEKRA certify your information security policy against ISO 27001, you should expect a six- to nine-month process entailing the following steps:
1. We perform an audit of your documentation, looking at your risk analysis, for example.
2. We perform an audit of the implementation, among other things considering the effective functioning of the management system.
3. You receive the certificate, valid for up to three years.
4. We conduct a follow-up audit every year.
5. Recertification occurs in the third year. We conduct another audit, after which you can receive a new certificate.

You may also opt to begin with a trial audit prior to the actual certification process. We then assess and check the Information Security Management System (ISMS) documentation for completeness and conformity with the standard. This audit is not compulsory, but it is useful: it is a good way of discovering how your organisation is doing before the actual process starts, and you can still take action where needed. This increases your chances of a positive outcome for the real audit.