ISO 27001:2013 is the international standard for information security management systems.

This standard, officially states the requirements for a management system designed to secure the information under the organization.

Starting from October 31 2025 the 2013 version of the standard will be replaced and updated to the 2022 version.

We recommend to customers starting the certification process to perform the audit to the 2022 version.

Expected Outcomes for Accredited Certification to ISO 27001

Ronet is accredited by an American accreditation body ANAB for ISO 27001:2013\2022.

(From the perspective of the organization’s customers) the expected outcomes  from an accredited certification “For the defined certification scope, an organization with a certified information security management system consistently provides products that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction.”

Notes:

  1. “Products” also include “services.”
  2. Customer requirements for the product may either be stated (for example in a
    contract or an agreed specification) or generally implied (for example in the
    organization’s  promotional material, or by common practice for that
    economic/industry sector).
  3. Requirements for the product may include requirements for delivery and post-
    delivery activities.

 

What accredited certification to ISO 27001 means

To achieve conforming system, the accredited certification process is expected to provide confidence that the organization has an information security management system that conforms to the applicable requirements of ISO 27001. In particular, it is to be expected that the organization:

  • Has established an information security management system that is suitable for the type of information that needs to be secured.
  • analyzes and understands customer needs and expectations, as well as the relevant statutory and regulatory requirements related to its information security scope
  • Identifies and analyzes the risks related to information security and applies the activities needed to reduce those risks.
  • Applies the controls required by the standard in order to protect the information
  • has ensured the availability of resources necessary to support the operation and monitoring of these processes
  • identifies and handles nonconformities and information security incidents
  • has implemented an effective internal audit and management review process

The audit is based on a sampling process of the available information and that consequently there will always be an element of uncertainty present in auditing evidence, which may be reflected in the audit findings. 

What accredited certification to ISO 27001 does not mean

  • That the information is secured in 100%
  • That any breaches or events can occur
  • That the technologies used by the organization were checked by the certification body and were found 100% effective

To fill in the application for ISO 27001 please press here