ISO 27001

WHAT IS IT

ISO/IEC 27001 is the internationally recognized, auditable and certifiable standard that defines the requirements for an ISMS (Information Security Management System). It is designed to ensure that an organization selects security controls that are adequate and proportionate to its risks.

In this way you protect your information and give confidence to your stakeholders, above all your customers.

KEY POINTS

  • risk assessment consistent with the organization's context;
  • the concept of information (or information asset) and its valuation, i.e. the value each asset has for the organization;
  • the economic and financial aspects of information security;
  • the organizational (and not only technological) dimension of information security;
  • the effectiveness of the ISMS and of the countermeasures adopted to treat the risks.
Of fundamental importance is Annex A, which lists the reference "controls" (countermeasures). An organization applying the standard must consider each Annex A control when treating its risks and must record in its Statement of Applicability which controls apply, and justify any it excludes.

ADVANTAGES

  • Gain a competitive advantage by meeting customers' contractual requirements, with particular attention to the security of their information;
  • identify, assess and manage organizational risks impartially, while formalizing information security processes, procedures and documentation;
  • demonstrate compliance with applicable laws and regulations through an impartial third party;
  • demonstrate the commitment of business leaders to ensuring information security;
  • ensure constant monitoring of business performance and trigger the necessary improvement actions.

FLEXIBLE SCOPE

CSQA has obtained from Accredia, by resolution of the sector committee for accreditation, certification and inspection (CSA CI) dated 16/12/2019, an extension of accreditation with flexible scope for the SSI (information security) scheme in the following area: ISO/IEC 27001:2013 certification scheme integrated with the guidelines of the ISO/IEC 270XX:20YY series "Information Technology, Security techniques, Code of practice".

To date, CSQA has implemented accredited certification activities in this area according to the following guidelines:
  • ISO/IEC 27017 "Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services";
  • ISO/IEC 27018 "Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors";
  • ISO/IEC 27037 "Information technology - Security techniques - Guidelines for identification, collection, acquisition and preservation of digital evidence";
  • ISO/IEC 27701 "Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines";
  • ISO/IEC 27035-1 "Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management".
The distinguishing feature of "flexible scope" accreditation is that it allows the CAB (conformity assessment body, here CSQA) to extend this list on its own initiative, and therefore at short notice, in response to client requests.

NEW ISO/IEC 27001:2022

On 25 October 2022, ISO/IEC 27001:2022 "Information security, cybersecurity and privacy protection - Information security management systems - Requirements" was published.

All accredited certifications issued against ISO/IEC 27001:2013 (UNI CEI EN ISO/IEC 27001:2017) must transition to the new edition by 31 October 2025. Any certification still based on ISO/IEC 27001:2013 at the end of the transition period will expire or be withdrawn.

From 30 April 2024, all new certifications and renewals must be issued exclusively against ISO/IEC 27001:2022.
The new edition revises the Annex A controls, which are now aligned with ISO/IEC 27002:2022 and reorganized into four themes (organizational, people, physical and technological), with particular focus on cybersecurity and data protection.

HOW TO MANAGE THE TRANSITION TO THE NEW STANDARD EFFECTIVELY

CSQA offers you some tools to manage an effective transition:

1 - Follow our refresher courses
CSQA has planned courses to update the qualifications of ISO 27001 Lead Auditors.
Check out our 2023 Course Catalog.

2 - Request a Gap Analysis before switching to the new standard
A preliminary gap analysis identifies the adjustments and improvements to implement before the next certification audit, so it is recommended at this stage.

Would you like more information?

Contact us
