An organization's Information Security Management System (ISMS) may optionally be formally certified compliant with ISO 27001 by means of an assessment by an independent third party, an Accredited Certification Body.

[Image: A typical BS7799 certificate]

The normal life of an ISO 27001 Certification (formerly BS7799 Certification) is three years, although of course it is usual to seek renewal.

Although over one thousand organizations are now formally certified, many thousands more claim to be "working towards" or even "compliant with" the standard. Without the certification, there is no independent confirmation that these organizations are actually compliant.
