ISO 27001 information security policy

Dec 01, 2022 | Audit / Information security management system

How ISO 27001 strengthens your information security policy

Organisations hold a vast amount of information, much of it confidential and privacy sensitive, and it must not be allowed to become public. If it does, the consequences can be far-reaching. As a business owner, you must therefore put proper protection in place for all the information your company holds. Would you like to demonstrate that your organisation does indeed handle information securely? An ISO 27001 certificate shows that your information security policy is in order. This blog explains what the ISO standard entails and how complying with it strengthens your organisation. You will also learn how to obtain the ISO 27001 certificate, and how DEKRA can assist you with this.

What is the ISO 27001 information security policy?

ISO 27001 is a globally recognised standard for information security. Working towards certification gives your organisation a framework for implementing a sound information security strategy. In doing so you meet not just the legal requirements, but also the expectations of customers, employees and other stakeholders.

Why does ISO 27001 ensure a good information security policy?

You can consider ISO 27001 as a means of getting your information security policy in order. But why is it so important? And what benefits does it bring?
  • You meet your customers’ requirements
    Customers impose increasingly stringent demands on how companies handle their data. Often, they even ask to see ISO 27001 certification when tendering. So, holding this certificate can be a requirement for winning a contract. It proves to customers that their information is in good hands.
  • You seize commercial opportunities
    ISO 27001 can be the clincher in persuading potential customers to do business with your company. The certificate proves to your customers that you take your information security seriously. You also increase your edge over any competitor not holding a certificate.
  • You protect your reputation
    Managing risks properly can significantly reduce the risk of reputational damage. In acquiring ISO 27001 certification, you first identify your information security risks and then work to reduce them. In other words, you work proactively, not reactively.
  • You create awareness in the workplace
    Achieving ISO 27001 creates awareness among employees. This reduces the risk of incidents and any reputational damage.
ISO 27001 certification guide
Access the most important information and a checklist for your ISO 27001 certification with our ultimate guide.

How do I obtain ISO 27001 certification?

Are you having your organisation certified by DEKRA for an ISO 27001 information security policy? Then you should expect a six- to nine-month process, entailing the following steps:
Step 1: Introduction
We are happy to visit you, or to contact you via Teams or by phone. During this meeting we discuss the process of an ISO 27001 certification. After this you prepare your organisation for the ISO 27001 audit.
Step 2: Audit at your location
Our auditors perform an audit at your location. Here we assess and test the operation of the management system, checking whether it works as described in your organisation's management system documentation. Your organisation must demonstrate that you are in control. If this cannot be demonstrated, it may be necessary to subsequently test the corrective measures.
Step 3: Report and evaluation
Our lead auditor shares the audit report. In it you will find all the results of the audit.
Step 4: ISO 27001 certification
Upon successful completion, you will receive your ISO 27001 certificate. The certificate is valid for up to three years.
Step 5: First follow-up audit
Within a year, we conduct a follow-up audit. In this we assess whether your management system is still working according to the standard.
Step 6: Second follow-up audit
About a year later, we hold a second follow-up audit. We again assess whether your management system works according to the standard.
Step 7: Recertification
In the third year after ISO 27001 certification, we schedule a recertification audit. If the recertification is completed with a positive result, the certificate is renewed for a further period of three years. After recertification, the annual audit cycle starts again.
You may also opt to begin with a trial audit prior to the actual certification process. We then assess the Information Security Management System (ISMS) documentation for completeness and conformity with the standard. This audit is not compulsory, but it is useful: it is a good way of discovering how your organisation is doing before the actual process begins, while you can still take action where needed. This increases your chances of a positive outcome for the real audit.
DEKRA audits and certifies against international and sector-specific standards, such as ISO 27001. Find out everything you need to know about ISO 27001 here.