Information security

What is the purpose of an ISO 27001 Certificate?

You must handle your confidential data carefully. Certification Services from PwC is accredited to test your security according to international standards and to grant you a certificate for your information security management system. By obtaining an ISO27001 Certificate, you can show your customers that you have organized your information security appropriately.

What is certification?

Certification is the testing against (inter)national standards by an independent body that is appointed by an accreditation body. PricewaterhouseCoopers Certification B.V. (hereinafter referred to as Certification Services) has been designated as a certifying authority by the Dutch Accreditation Council (RvA).

During an ISO27001 certification engagement, we assess the information security management system of your organization. This means that we assess the way in which management is in control of information security within the organization and whether there is a focus on continual improvement.

No absolute statements

Certification does not indicate that the individual services and/or products of an organization are tested. Nor does it amount to an absolute statement as to whether the information security of an organization is at a sufficient level. Security incidents cannot always be prevented. The goal is that management adequately deals with and recovers from incidents to improve their system. Note: information security is tied to time and can be overtaken by new developments. The organization itself is responsible for keeping its management system up to date.

Pay attention to the scope

The user of a certificate must know whether the organization meets all the ISO27001 requirements. This can be done by requesting an abstract from our report. It is also important to understand the scope of the certificate. Not all standards have to be applied and not all processes and/or locations of an organization need to be covered by the certificate.

Our assessment

Our assessment focuses, in accordance with ISO/IEC 17021, on:

  1. The way in which the management system is documented and whether the applicable standards from ISO27001 are laid down in that documentation;
  2. The way in which the management system as described actually exists within the organization.

The assessment does not make any statements about the effective operation of the management system in a given period. The potential effectiveness of the management system may have inherent limitations, which can prevent errors, incidents, security breaches and fraud from being discovered in a timely manner.

Contact us

Mirjam Pauw

Senior Director, PwC Netherlands

Tel: +31 (0)65 154 75 39
