ISO 27001 information security policy

Dec 01, 2022 Audit

How ISO 27001 strengthens your information security policy

Organisations hold an enormous amount of information, much of it confidential and privacy sensitive. That information must not become public, and if it does, the consequences can be far-reaching. As a business owner, you therefore have to put proper protection in place for all the information your company holds. Would you like to demonstrate that your organisation handles information securely? An ISO 27001 certificate shows that your information security policy is in order. This blog explains what the ISO standard entails and how complying with it strengthens your organisation. You will also learn how to obtain the ISO 27001 certificate, and how DEKRA can assist you with this.

What is the ISO 27001 information security policy?

ISO 27001 is a globally recognised standard for information security. Certifying to it means implementing a sound information security strategy for your organisation. In doing so you meet not only the legal requirements, but also the expectations of customers, employees and other stakeholders.

Why does ISO 27001 ensure a good information security policy?

You can consider ISO 27001 as a means of getting your information security policy in order. But why is it so important? And what benefits does it bring?

How do I obtain ISO 27001 certification?

If you have DEKRA certify your organisation for an ISO 27001 information security policy, you should expect a six- to nine-month process, consisting of the following steps:
Step 1: Introduction
We are happy to visit you, or to contact you via Teams or by phone. During the meeting we discuss the process of an ISO 27001 certification. After this you prepare your organisation for the ISO 27001 audit.
Step 2: Audit at your location
Our auditors perform an audit at your location. Here we assess and test the operation of the management system, checking whether it works as your organisation has described it. Your organisation must demonstrate that it is in control. If this cannot be demonstrated, it may be necessary to subsequently test the corrective measures.
Step 3: Report and evaluation
Our lead auditor shares the audit report, in which you will find all the results of the audit.
Step 4: ISO 27001 certification
Upon successful completion, you receive your ISO 27001 certificate. The certificate is valid for up to three years.
Step 5: First follow-up audit
Within a year, we conduct a follow-up audit. In it we assess whether your management system is still working according to the standard.
Step 6: Second follow-up audit
About a year later, we hold a second follow-up audit. We again assess whether your management system works according to the standard.
Step 7: Recertification
In the third year after ISO 27001 certification, we schedule a recertification audit. If the recertification is completed with a positive result, the certificate is renewed for a further period of three years. After recertification, the annual audit cycle continues.
You may also opt to begin with a trial audit before the actual certification process. In it we assess and check the Information Security Management System (ISMS) documentation for completeness and conformity with the standard. This audit is not compulsory, but it is useful: it is a good way of discovering how your organisation is doing before the actual process starts, while you can still take action where needed. This increases your chances of a positive outcome in the real audit.
Want to know more about the ISO 27001 at DEKRA?
DEKRA audits and certifies against international and sector-specific standards, such as ISO 27001. Find out everything you need to know about ISO 27001 here.
