ISO/IEC 27001:2022

The system of information security management

The ISO/IEC 27001:2022 standard provides general requirements for the design and implementation of an information security management system.

In today’s competitive business environment, information is constantly “threatened” by different sources. There is therefore a general need for an Information Security Policy in all organizations; the ISO/IEC 27001:2022 standard is intended to help organizations of any type and size implement and operate an information security management system.

By implementing the ISO/IEC 27001:2022 standard, organizations can develop a framework for managing the security of their own information assets, including financial information, intellectual property and employee information or information entrusted to the organization by customers or third parties.

The certification process

Certification costs

The price of a certification according to 27001:2022 is established depending on the structure, size and field of activity of the organization.

Frequently Asked Questions

Certification is the verification of the compliance of management systems with the ISO reference standards.

This analysis is carried out by a certification body.

ISO is the abbreviation for the International Organization for Standardization based in Geneva.

This organization issues international standards, generically referred to as ISO standards.

Management system certifications according to ISO standards are valid for a period of 3 years.

In the third year, the recertification audit is performed, the organization thus entering a new 3-year certification cycle.

The audit is a systematic, independent and documented activity that aims to assess the extent to which certain requirements are met.

The audit should be seen as a tool for improvement and in addition to the objectives of any audit, the audit team should also consider identifying potential areas for improvement and shall document these in the form of recommendations in the audit report, along with other findings (nonconformities or identified weaknesses).

The certification audit is carried out in 2 stages:

  1. The analysis of the documentation and obtaining the necessary information regarding the field of the management system.
  2. The assessment of the Management System operation on site.

The verification of the implementation and operation of the management system in accordance with the reference standard, followed by the closure of non-conformities.

We consider the audit process as a comfortable, positive experience, oriented towards providing added value – it is a process of collaboration, cooperation and you are the customer. An effective audit process allows the management to evaluate their own efficiency in controlling the company in the desired manner.

  1. Sending the quotation.
  2. Signing the contract and agreeing on the payment method.
  3. Scheduling the audit date.
  4. The certification audit. Preparation of necessary reports.
  5. Verification of audit documentation and closure of non-compliances.
  6. The issue of the certificate.
  7. Surveillance audit I. A new audit, no later than 1 year after the completion of the certification audit, confirms that the system is maintained and improved.
  8. Surveillance audit II. A new audit, no later than 2 years after the completion of the certification audit, confirms that the system is maintained and improved.
  9. Recertification. In order to maintain continuity, the recertification audit must be carried out before the expiration of the certificates.

A standard is a document established by consensus and approved by a recognized body, which provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context (according to ISO/IEC Guide 2:1996).

Certification according to ISO management systems or the Good Practice Guide in order to ensure the health of the customers is a voluntary process.

The Certification is a useful tool for the management of the company, which thus has the certainty of implementing the best practices in order to protect the health of the customers and employees.

  • Accreditation and recognition at national and international level

Systema performs audits and issues certificates according to the ISO/IEC 17021:2011 accreditation standard.
The most professional ISO certification bodies are accredited by accreditation institutions recognized for their competence and performance worldwide. This accreditation clearly certifies that the certification body carries out activities in the most professional way possible.

For Romania, there is RENAR, the institution that accredits certification bodies in Romania, thus allowing for national recognition.

  • Service quality.

The attitude and professionalism of the Systema team are evaluated monthly by our clients.

Recommendation is one of the most important ways to promote ourselves. We consider the recommendation a powerful tool because it speaks about the trust that our clients have in the Systema team and in the services provided.

The validity period of an ISO certificate is three years. In order to maintain continuity, the recertification audit must be carried out before the expiration of the certificates.

The organizations that grant certifications of compliance with international standards to third parties are themselves accredited by accreditation bodies (e.g., RENAR Romania) and are therefore called Accredited Certification Bodies.

The accreditation means that certification bodies have in turn been assessed in regard to internationally recognized standards, in order to demonstrate their competence, impartiality and performance.

Accreditation makes it possible to identify a competent assessor, so that the choice of a certification or inspection body is a well-documented one. An accredited certification body can prove to its customers that it meets the requirements of the international accreditation standards. The result is a reduced risk of a customer choosing and paying an incompetent assessor, or worse, being guided by results without any real basis.
