ISO 27001 certification audit
In April of 2009, Virtual Guardian became the first IT security consultancy company in Canada to obtain its ISO 27001 certification. Now that Virtual Guardian is considered an official ISO auditing company, it can offer the following services regarding ISO certification:
- Pre-evaluation audit of your company in preparation for certification;
- Consultation regarding ISO 27001 (the Certification) and 27002 (the industry’s Best Practices);
- Certification project management: implementation from A to Z;
- Conferences/public speaking events to raise ISO 27001 awareness.
The certification process
The ISO 27001 process can be summarized in six main steps. These steps are:
- Choice of Registrar: Each applying company (“Applicant”) can select the certification body (“Registrar”) of its choice.
- Pre-evaluation audit: The Applicant can choose to do a pre-audit, to measure the gap between its Information Security Management System (ISMS) and the ISO requirements.
- Documented audit: This is a complete review of documents relating to the company’s management of its ISMS. The auditors do not have to be present for this phase, the goal being simply to verify whether the existing documentation is compliant with audit requirements.
- Audit on location: The second phase of the audit is based on data collected during the first phase. The Registrar must produce an “on location plan” in order to proceed with phase 2. This phase is conducted at the ISMS location.
- Accreditation: If the auditors report that the Applicant is compliant on all levels and respects the ISO Code, the Registrar will publish the accreditation certificate.
- Continuous improvement and surveillance audit(s): Once the Applicant is certified, the Registrar will conduct bi-annual visits on location to ensure that the ISMS remains compliant with the standard.
To consult the directory of certified companies, you can follow this link on the SGS corporate website.
For further information, feel free to contact us.