With data breaches and cyber attacks a constant news feature, and the US suffering more publicly disclosed incidents than any other country, it’s no surprise that cybersecurity is an increasingly bigger concern.
Customers, partners, authorities, and other stakeholders all want assurances that organizations are taking reasonable steps to prevent data breaches.
After all, customers want to know that their data is safe. Partners don’t want to end up in the headlines due to a breach in their supply chain. And authorities want organizations to be meeting their legal obligations.
With that in mind, demand for ISO 27001 certification is increasing.
What is ISO 27001?
ISO 27001 is the internationally recognized standard that stipulates the requirements for an ISMS (information security management system). This standard was most recently updated in 2022.
A significant benefit of ISO 27001, compared to alternative standards (such as the NIST Cybersecurity Framework, is that organizations can achieve independent, accredited certification to it.
While organizations implementing an ISMS don’t have to achieve ISO 27001 certification, doing so has numerous benefits. Most notably, it offers potential and existing clients assurance that you’re following information security best practice.
How do you know whether the certificate or the certification body is legitimate?
The best way to validate a potential vendor’s certification is to ask for a copy of their certificate. Any organization with accredited certification should be happy to provide it.
However, do check that the certificate has been issued by an accredited certification body.
How do you assess whether the certification body is accredited?
Certification bodies must also go through their own strict accreditation process to ensure they meet requirements and are qualified to carry out audits in line with ISO 27001.
To verify that a US certification body is accredited, check whether it is listed on an accreditation body’s website.
Accreditation bodies are selected and appointed by the IAF (International Accreditation Forum). For the US, in 2024, it has listed three accreditation bodies for ISO 27001:
- ANAB (ANSI-ASQ National Accreditation Board)
- IAS (International Accreditation Service)
- UAF (United Accreditation Foundation)
For ISO 27001, ANAB is the biggest accreditation body. Here’s a list of ISO 27001 certification bodies it has accredited.
How to Implement ISO 27001: A 9-Step Guide
ISO 27001 Standard, Risk Assessment and Gap Assessment
ISO 27001 standards and training
Key strategies for ISO 27001:2022 compliance adoption
Implementation Guide ISO/IEC 27001:2022
Please send an email related to ISO27001:2022 implementation to info@DeuraInfoSec.com and we are happy to help!
InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot
