What is ISO 27001 Information Security Standard Certification?

ISO 27001 is the current International Standards Organisation (ISO) Information Security Management System Standard, which is recognised as a worldwide benchmark for business Information Security standards, and recognises that ISO 27001 Certified organisations have been assessed by an independent third party Certification Body as meeting the ISO 27001 Information Security Management System Standard.

Your organisation can achieve ISO 27001 Information Security Certification when Certification Oceania has completed an independent, third-party assessment of your Information Security management system documentation, established whether it has been implemented and has determined that your organisation has addressed each of the requirements in the ISO 27001 Information Security Standard.

Benefits of Certification

Certification to ISO 27001 Information Security Standard is being asked for from suppliers and service providers to public and private sector organisations because of the increase in cybercrime and the dangers of an organisation being hacked. Indeed, increasingly Certification to ISO 27001 Information Security Standard is becoming a mandatory requirement. Certainly this is the case for all levels of government, financial institutions, universities, centres of research, health facilities such as hospitals, general practice, primary health providers, Primary Health Networks (PHNs), corporations, public institutions, private companies and not-for-profit organisations.

ISO 27001 Information Security Standard Certification requires that organisations document, implement, and Certifying compliance with respect to requirements such as, but not limited to:

· Establishing and managing the Information Security Management System (ISMS)

· Implement and operate the ISMS

· Monitor and review the ISMS

· Maintain and improve the ISMS

· Documentation requirements

· Control of documents

· Control of records

· Management responsibility

· Management commitment

· Resource management

· Provision of resources

· Training, awareness and competence

· Compliance information security

· Roles and responsibilities

· Risk assessment

· Information security policies and procedures

· Managing access

· Business continuity and information recovery

· Internet and email usage

· Information backup

· Malware, viruses and email threats

· Computer network perimeter controls

· Mobile electronic devices

· Physical facilities and computer hardware, software and operating system

· Security for information sharing

· Related standards, and legislation

· Data incident/breach Policy and Procedures

· Internal ISMS audits

· Management review of the ISMS

Reference Standards:

· ISO/IEC 27001:2013 Information Technology – Security Techniques – Information Security Management Systems - Requirements

· AS/NZS ISO/IEC 27002:2006 Information Technology – Security Techniques – Code of Practice for Information Security Management

· AS ISO/IEC 27002:2015 Information Technology – Security – Techniques – Code of Practice for Information Security Control

· ISO/IEC 27033-6:2016 Information technology – Security techniques - Network Security – Part 6 Securing wireless IP network access

· ISO/IEC 27035-1:2016 Information technology – Security techniques - Information security incident management – Part 1: Principles of Incident Management