ISO 27001

1. Overview

Our certification body offers companies the opportunity to certify their information security management systems (ISMS) in accordance with the internationally recognized ISO 27001 standard. We certify organizations of all sizes and industries. With this certification, you achieve a high level of information security and can demonstrate this to your customers, suppliers, stakeholders, etc. The certification body of Würth IT GmbH, ccSec, is accredited by the German Accreditation Body (DAkkS).

2. ISO 27001

ISO 27001 is an international standard for information security management systems. It provides a framework for the introduction, implementation, maintenance and continuous improvement of information security in organizations. The standard specifies requirements that help to protect confidential data, manage IT security risks and improve resilience to information security breaches. The focus is on information security, cyber security and data protection.

3. Advantages of ISO 27001 certification

ISO 27001 certification demonstrates to customers, business partners and regulators that your organization operates a reliable information security management system. This strengthens trust in your organization and can lead to improved customer loyalty and the acquisition of new customers. Furthermore, certification supports compliance with legal and contractual security requirements and helps to minimize risk. ISO 27001 certification is recognized worldwide.

4. The certification process

The certification process begins with a preliminary review of important business data and an associated risk analysis. The certification then includes a detailed review of your ISMS by our auditors. After a successful audit and rectification of any non-conformities, the ISO 27001 certificate is issued. The certificate is usually valid for three years if a surveillance audit is carried out annually.

5. Contact us

For more information on ISO 27001 certification or to start the certification process, please do not hesitate to contact us.

Frequently Asked Questions

The price of an initial certification with subsequent annual surveillance audits depends heavily on the size of your organization and your ISMS. The decisive cost factor is the audit days, i.e. the time spent by the auditors. Please contact us for an individual offer.

The calculation basis for the audit days, including preparation and follow-up time, is defined in a standard and is calculated by the certification body. Please contact us for an individual offer.

Your company must have implemented an ISMS with all the required standard points, put it into practice ("lived" in your company) and carried out an internal audit. As a certification body, we are not involved in setting up the ISMS or providing advice.

No, ISO 27001 is not industry-specific. It is an international standard that is applicable to any type of organization, regardless of its size, sector or geographical location.

Surveillance audits must be carried out annually. After the initial certification, two surveillance audits take place, followed by a re-certification. In the case of initial certification, it should be noted that the first surveillance audit must be carried out within 12 months.

For major non-conformities, the organization must submit a root cause analysis and either a proposal for correction or the correction itself within a period defined in the certification rules. Further information can be found in our certification rules.

In order to certify an information security management system, the respective certification body itself must be accredited in accordance with ISO/IEC 17021 and ISO/IEC 27006. ISO/IEC 17021 regulates conformity assessment topics, especially requirements for inspection bodies that audit and certify management systems.

ISO/IEC 27006 also defines strict requirements that certification bodies must comply with in order to certify an ISMS in accordance with ISO 27001.

Yes, ISO 27001 as a framework for information security management can definitely help with compliance with other regulations, such as data protection guidelines, industry-specific regulations or national security regulations. The certification can also be used as proof of compliance with legal or regulatory requirements.