ISO 27001 - Information Security Management System

ISO 27001 - Information Security Management System

ISO/IEC 27001 is an internationally recognized standard for Information Security Management System. The standard applies to all organizations to which information is a measurable value or its protection is a legal requirement. The spectrum of these organizations is therefore very broad: companies, banks, public administration on different levels, public healthcare organizations, non-profit organizations.


Information security as defined in ISO 27001 is not limited to information stored in electronic form on your computer, but for all information processed in any form, for example: printed or written on paper, stored electronically on any medium, processed in different systems and processing environments, sent via traditional mail and e-mail, recorded in images, videos, sound or passed during a call.


Regardless of the form of information processing and the methods and tools used, the ISO / IEC 27001 standard helps organizations to create appropriate conditions for the protection of information. That should be adequate to the corresponding risk of loss, damage or declassifying information.


According to the Standard, information security should always be considered via three aspects:

  • confidentiality of information - understood as ensuring that only authorized persons or entities have access to the information,
  • integrity of information - understood as ensuring that the information is complete (does not include exclusions that may affect the proper understanding of media information),
  • the availability of information - understood as ensuring that authorized users have access to information at all times when it is necessary to carry out their tasks.

ISO 27001 certification

When all requirements of the ISO/IEC 27001 standard are met, and it can be so proven by internal audits, the organization may proceed to an external audit. This external audit should be carried out by a third party – accredited certification body.


Certification will be carried out in 2 Stages. Stage 1 covers document review and Stage 2 checks the functioning of management system within the company.


During the ISO/IEC 27001 certification the auditor will focus on reviewing:

  • the information security policy,
  • statement of applicability,
  • risk analysis methodology,
  • documented security procedures,
  • if the work methods and practices that are employed are in accordance with procedures and the established security goals,
  • that appropriate records are kept.


After positively completing the certification  the Auditor shall recommend that  a certificate for ISO 27001 is issued and  registered.


The next steps are surveillance audits which are aimed to assure that the management system continuous to be effective, is being improved and still in compliance with ISO/IEC 27001 standard.

What is the cost of ISO/IEC 27001 certification?

ISOQAR has an individual pricing approach for each Client. We take into consideration many factors before we make a proposal.


To get a proposal please complete the on-line form or call our office.

Contact us

Wyrażam zgodę na przetwarzanie moich danych osobowych zgodnie z polityką prywatności.

Regulamin plików cookies