ISO 27001 certification
DEKRA Audit Netherlands

Do you want to show that your organization works with modern IT systems and smart data management?

ISO 27001 certification

Reliable information security with ISO 27001

Outdated technology, misusing IT or malware infections. These can all lead to cybercrime, IT failures, espionage and data misuse. How should you implement a strong information security strategy? ISO 27001 certification gives you this opportunity, letting you protect confidential information in your organization. DEKRA is happy to test your organization against the international ISO/IEC 27001 standards.

The ISO 27001 certification is for every organization that wants to demonstrate that it handles confidential information securely, with integrity and reliability. With an ISO 27001 certification you meet the expectations of customers and stakeholders. Do you operate in accordance with this standard? That means you are taking account of all the relevant information security risks. You are implementing technical and organizational measures to manage confidential data securely. Efficient and reliable cooperation between technical solutions and organizational processes is necessary. Only then will you achieve the level of security that meets the requirements of modern standards.

The ISO 27001 certification process

The ISO IEC 27001 audit comprises two phases. In the first, DEKRA checks the ISMS documentation and we determine whether your organization is ready for phase 2 of the certification.

Phase 1

The ISO 27001 certification process also includes a preparatory phase, which occurs before the actual audit​. The phase has nine steps:
1. Determine the scope of information security for your management system (ISMS).
2. Determine the information security objectives.
3. Develop a methodology for risk assessment and risk treatment.
4. Establish a statement of applicability (SoA).
5. Draw up a risk management plan and risk assessment report.
6. Establish security roles and responsibilities.
7. Draw up a resource list for technical measures.
8. Ensure acceptable use of resources.
9. Establish guidelines, for example for access control in accordance with Annex A of ISO 27001.

Phase 2

We assess the effectiveness of the ISMS in the second phase. Our auditors record the findings of the audit in a report. If the results are positive, you will receive the ISO 27001 certificate for a period of up to three years. We conduct a first follow-up audit within a year of the first one, then conduct the second one the following year. After three years recertification follows, with annual follow-up audits.

People Based Auditing (PBA)

In our audit process we always pay attention to the human factor. They determine how they implement the processes, systems and working methods. We call our working method People Based Auditing. A standard added value to our certification of ISO and HKZ Zorg en Welzijn. More about People Bases Auditing
Why DEKRA?
Experienced market leader

Our experts have many years of experience in information security and certification of management systems. DEKRA is operating in over 60 countries and our certificates are recognized worldwide.

Extensive portfolio

With us you can also combine the ISO 27001 standard with others, e.g., with NEN 7510, ISO 20000-1 or ISO 9000. This lets us carry out audits efficiently, saving you time and money.

People Based Auditing

We audit with recognition of the people in your organization. We call this People-Based Auditing.

New version ISO 27001 2022

A new version of ISO 27001 was released on 25 October 2022: ISO/IEC 27001:2022. DEKRA is accredited for this by the RvA. The new version has several modifications:
  • Chapters 4 to 10 are structured according to the Harmonized Structure.
  • Annex A of the standard is divided into 4 chapters (according to ISO/IEC 27002:2022):
    • A. organizational measures
    • B. personnel measures
    • C. physical measures
    • D. technological measures
  • Several measures have been combined.
  • 11 new measures have been added.
Your organization can already operate in accordance with the new ISO 27001 2022. For (re)certifications, DEKRA tests for compliance with ISO/IEC 27001:2022. Your current ISO/IEC 27001/2013 certificate remains valid until the date stated on the certificate, but no longer than 31 October 2025. From 1 April 2024, DEKRA will only certify against ISO/IEC 27001:2022. Certificates against ISO/IEC 27001:2022 are issued under the RvA Accreditation.

NEN-EN-ISO/IEC 27001:2023

In July 2023, the international version ISO/IEC 27001:2022 was approved specifically for Europe as NEN-EN-ISO/IEC 27001:2023. The difference is mainly in the preface added to the European version, while the content is otherwise the same as the international standard. ISO 27001:2023 does not affect existing certificates that have been obtained or will be issued according to ISO 27001:2022.
ISO 27001 certification guide
Access the most important information and a checklist for your ISO 27001 certification with our ultimate guide.
Download

Book a free session with our expert

Would you like to know how a DEKRA audit takes your organization to a higher level? We are happy to help you! Fill in the form below to get in touch with an ISO 27001 expert for free to discuss the process and aks questions about the audit.

Q&A: ISO 27001 in brief

What is ISO 27001?
ISO 27001 is an international standard for protecting privacy-sensitive information. It shows that your organization handles data and information securely.
Who is ISO 27001 for?
What form does the certification process take?
Can you combine ISO 27001 with other ISO standards?
Can you also perform IT audits with ISO 27001?
Who is DEKRA?
Can I contact a specialist?
DEKRA Audit stories

8 Results

Dec 27, 2023 Audit / Cyber Security
What is a CCV pentest?
What is the purpose of a CCV pentest? In this blog, you will read about the importance of a CCV pentest to optimize cybersecurity in your organization.
View article
Dec 20, 2023 Audit / Environment / Sustainability
Environmental management system and ISO 14001
Within the ISO 14001 standard, the term environmental management system plays an important role. But what exactly does an environmental management system entail?
View article
May 12, 2023 Audit
NEN 7510: Information security in Dutch healthcare
Information security plays an important role in many industries, and certainly in healthcare. Read more about NEN 7510 (information security in healthcare) in this b
View article
Mar 08, 2023 Audit
The differences between ISO 27001 and NEN 7510
ISO 27001 and NEN 7510 are familiar standards that set rules and guidelines for handling confidential information. Find out more about the differences here.
View article
Feb 28, 2023 Audit
CSR Performance Ladder with 33 indicators
In this blog, you will find more information about certifying against the CSR Performance Ladder, its 5 levels, the role of People, Planet & Profit and the 33 indica
View article
Jan 04, 2023 Audit
Risk analysis in information security
Would you like to have your management system certified to show that you are handling information responsibly? You first need to map out a few things if you are to secure all that information properly.
View article
Dec 01, 2022 Audit
Information security policy: ISO 27001
As a business owner, it is a necessity to properly protect all the information present in your company. An ISO 27001 certificate shows that your information security
View article
Nov 24, 2022 Audit
Internal audit
Do you want your organisation to be certified against an HKZ or ISO standard? If so, it is necessary to carry out internal audits. During an internal audit, you test
View article