ISMS Certification Process
This Directory provides access to a range of information related to the certification of an organisation's ISMS.
Certification Process
The first phase of the process involves your company preparing and getting ready for the certification of your ISMS: developing and implementing your ISMS, using and integrating your ISMS into your day to day business processes, training your staff and establishing an on-going programme of ISMS maintenance.
The second phase involves employing one of the accredited certification bodies to carry out an audit of your ISMS.
The certificate that is awarded will last for three years after which the ISMS needs to be re-certified. Therefore there is a third phase of the process (assuming the certification has been successful and a certificate has been issued), which involves the certification body visiting your ISMS site on a regular basis (e.g. every 6-9 months) to carry out a surveillance audit.
Certification Bodies (CBs)
Current list of Certification Bodies
AFNOR Certification
AJA Registrars Ltd
BM TRADA Certification Limited
BSI
BSI-J (BSI Japan K.K.)
Bureau Veritas Certification
Center Teknologisk institutt Sertifisering AS (Norway)
CEPREIi Certification Body
Certification Europe
CIS (Austria)
Comgroup GmbH (Germany)
CQS (Czech Republic)
datenschutz cert GmbH (Germany)
Defense Procurement Structure Improvement Foundation System Assessment Center (BSK System Assessment Center)
DNV (Det Norske Veritas)
DQS GmbH (Germany)
DS Certification
ENAC (Entidad Nacional de Acreditacion)
HKQAA (Hong Kong Quality Assurance Agency)
ICMS
International Standards Certifications
Intertek Systems Certification
ISOQAR
JACO-IS (Japanese Audit and Certification Organisation)
JATE (Japan Approvals Institute for Telecommunications Equipment)
JICQA (JIC Quality Assurance Ltd)
JMAQA (JMA QA Registration Center)
JQA (Japan Quality Assurance Organization)
JSA (Japanese Standards Association Management Systems Enhancement Department)
JUSE-ISO (Union of Japanese Scientists and Engineers ISO Center)
J-VAC (Japan Value-Added Certification Co.,Ltd)
KEMA Quality BV
KPMG Audit plc
KPMG Certification
KPMG RJ (KPMG Registrar Co., Ltd.)
KPMG SA
LGAI Technological Center
LL-C (Certification)
LRQA (Lloyd's Register Quality Assurance Limited)
LTSI SAS (France)
Moody
MSA (Management System Assessment Center Co., Ltd)
National Quality Assurance
Nemko (Norway)
NYCE (Normalizacion y CertificacionnElectronica A.C.)
PJR (Perry Johnson Registrars)
PJR-J (Perry Johnson Registrars, Inc. of JAPAN)
PricewaterhouseCoopers Certification B.V.
PSB Certification (Singapore)
QSCert, spol. s.r.o
RINA S.p.A. (Italy)
SAI Global Limited (Australia)
SEMKO-DEKRA Certification AB
SFS-Inspecta Certification (Finland)
SGS ICS Limited
SGS
SGS Philippines Inc.
SIRIM QAS International
SQS (Swiss Quality System)
STQC IT Certification Services (India)
TCIC Ltd
TECO (Tohmatsu Evaluation and Certification Organization)
TUV NORD CERT GmbH (Germany)
TÜV Rheinland Group (Germany)
TÜV RJ (TUV Rheinland Japan Ltd.)
TÜV SAAR CERT (Germany)
TÜV SÜD Gruppe (TÜV Management Service GmbH) (Germany)
UIMCert (Germany)
United Registrar of Systems Limited
Auditor Certification and Qualifications
IRCA (International Register for
Certified Auditors) operates a certification scheme for ISMS auditors. There
are four grades of auditor covered by this scheme:
ISMS Provisional Auditor
ISMS Auditor
ISMS Lead Auditor
ISMS Principal Audit
As part of the certification process IRCA will evaluate applicants against requirements which reflect the key skills, knowledge and experience that define competence and which the ISMS auditor need to have and demonstrate during an audit. The evaluation criteria specifies the education, work experience, auditor training and auditing experience an applicant needs to qualify for registration of these grades.
The Scheme is intended for:
ISMS auditors, e.g. those
employed/contracted by third party certification/registration bodies, those
involved in first or second party ISMS audits
Information security
practitioners, e.g. Information security consultants, IT security managers
and IT personnel.
Employees conducting ISMS audits
within their own organization i.e. internal ISMS audits.
The ISMS Auditor Certification Scheme is based on knowledge and experience of the key ISMS standards and guidelines
The details of all certified auditors are included within a register, which is published and made publicly available by IRCA.
Questions
or problems regarding this web site should be directed to info@iso27001certificates.com
Copyright © ISMS International User Group, 1997 - 2009, All rights reserved.