We explicitly state that within the following steps, this is a very basic informational procedure for the implementation of a certification process. The steps concerning the design, the implementation and the operation of information security management systems, are performed solely by the company to be certified. The certification body does not provide any consulting services in this case. The purpose of the workshop described in Step 1 is carried out by the certification body, strictly to obtain general information applicable to the certification and to improve the estimation of the required effort.
Step 1: Workshop
Each new project needs qualified coordinators and "Promoters".
Therefore, we always begin a certification process with a workshop in which the requirements from the ISO standard 27001 as well as the expectations of a certification body are clearly explained to the responsible persons in their enterprises.
Step 2: Risk Analysis
With the structured risk analysis, the intent is to capture the material and idealistic values of your enterprise and analyze them based on their vulnerabilities. The productive discussions which are developed with this step most often reveal the main or important topics which are to be addressed.
Step 3: Applying the Findings
With the findings revealed from the risk analysis, a plan of measures can be developed that should greatly reduce or eliminate most of the vulnerabilities. A residual risk is consciously accepted here as a requirement of business operations.
Step 4: Documenting the Measures
The measures are then documented in an Information Security Management Handbook (ISMS Handbook). This ISMS Handbook later servers as the work basis for your security coordinators and is the foundation for the certification. Our philosophy is: “Quality, not quantity.”
Step 5: Desktop Review
With the desktop review, the ISMS Handbook is examined and evaluated by us for conformity with the ISO Standard 27001. The deviations are documented by us in a “Non-conformity” report and forwarded to you.
Step 6: Eliminating Deviations
You can now eliminate the deviations discovered during the desktop review. Once this is completed, there is nothing standing in the way of a certification audit.
Step 7: Audit
An audit occurs with a mixture of interviews with competent company personnel and personal observations of our auditors. While with the desktop review, only the documented situation of the required condition is analyzed, we examine whether this actually corresponds with the actual situation during the audit; lastly if this is being "lived."
Step 8: Conclusion - Certification
Concluding the certification, you receive an accredited certification document from us as proof of your functional ISMS. Naturally, we document this audit in a final report whereas all relevant points are listed. This way, you can review our evaluations at any time.