You must handle your confidential data carefully. Certification Services from PwC is accredited to test your security according to international standards and to grant you a certificate for your information security management system. By obtaining an ISO27001 Certificate, you can show your customers that you have organized your information security appropriately.
Certification is the testing against (inter)national standards by an independent body that is appointed by an accreditation body. PricewaterhouseCoopers Certification B.V. (hereinafter referred to as Certification Services) has been designated as a certifying authority by the Dutch Accreditation Council (RvA).
During an ISO27001 certification engagement, we assess the information security management system of your organization. This means that we assess the way in which the management is in control of the information security within an organization and whether there is a focus on continual improvement.
Certification does not indicate that the individual services and/or products of an organization are tested. Nor does it give an absolute statement as to whether the information security of an organization is at a sufficient level. Security incidents cannot always be prevented. The goal is that management adequately deals with and recovers from incidents to improve their system. Note: information security is tied to time and can be overtaken by new developments. The organization itself is responsible for keeping its management system up to date.
The user of a certificate must know whether the organization meets all the ISO27001 requirements. This can be done by requesting an abstract from our report. It is also important to understand the scope of the certificate. Not all standards have to be applied and not all processes and/or locations of an organization need to be covered by the certificate.
Our assessment focuses, in accordance with ISO/IEC 17021, on:
The assessment does not make any statements about the effective operation of the management system in a given period. The potential effectiveness of the management system may have inherent limitations, which can prevent errors, incidents, security breaches and fraud from being discovered in a timely manner.
The date of the description of the management system is stated on the certificate. Every projection of this information to the future is subject to the risk that the system has changed since then. The management of the certified organization has a responsibility to proactively inform the certification body about important developments.
© 2015 - 2021 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.