The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards helps your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard witin the ISO family providing requirements for an information security management system (ISMS).
Like other ISO management system standards, certification to ISO/IEC 27001 is attainable but not required. Some organizations choose to implement this standard in order to benefit from the best practices it contains while other organizations decide to get certified for client assurance. The ISO does not perform the certification; the certification is performed by external bodies, thus a company or organization cannot be certified by ISO; however the ISO’s Committee on Conformity Assessment (CASCO) has produced a number of standards related to the certification process, which are used by certification bodies. When choosing a certification body, you should:
- Evaluate several certification bodies.
- Check if the certification body uses the relevant CASCO standard
- Check if it is accredited. Accreditation is not compulsory, and non-accreditation does not necessarily mean it is not reputable, but it does provide independent confirmation of competence. To find an accredited certification body, contact the national accreditation body in your country or visit the International Accreditation Forum.
MedicTek, Inc. is not a certification body; however, implementation of the standards required prior to certification is where we specialize in helping organizations achieve their goals related to ISO certification.