
ISO 27001 Certification

Effective protection of your information security

IT systems are an integral part of every business, and employees are surrounded by confidential information and data on a daily basis. Digitalisation is leading to an increase in cyber attacks and data theft, making the responsible management of security risks all the more important. The Information Security Management System (ISMS) supports you in this: ISO 27001, as a globally recognised standard, defines the necessary requirements for establishing, implementing, operating and monitoring the ISMS.

A management system in accordance with ISO 27001 (and its certification) focuses on the confidentiality, integrity and availability of data, information and systems. The ‘High-Level Structure’ (HLS) enables you to integrate the information security standard into existing management systems based on ISO 9001 or ISO 14001. 


Target group

The certification is aimed at organisations and companies across all sectors where IT security plays a role – from manufacturing and retail to service providers and utilities.

In addition, TÜV NORD offers both internal and external IT service providers certification to ISO 20000-1 for effective IT service management.

Advantages: Why you benefit from ISO 27001 certification

  • Enhanced protection for your business processes, data and information
  • Reducing risk and opening up opportunities by systematically identifying and treating vulnerabilities
  • Employees are made aware of security considerations when handling data
  • Increased risk awareness
  • Strengthened trust among customers, partners and investors
  • Continuous optimisation of IT processes
  • Cost reduction

The audit process of an ISO 27001 certification

1. Enquiries, quotations & explanations
2. Booking & personalised scheduling
3. Audit: understanding the organisation & assessing readiness for certification
4. Identifying areas for improvement
5. Quick dual-check & certificate generation
6. TÜV certificate for external use
7. Continuous improvement of the management system and competitiveness

ISO/IEC 27001:2022 – New structure for the global standard

Attackers are constantly using new methods to identify vulnerabilities within organisations and exploit them to gain access to IT systems, with the aim of manipulating or stealing information. Today, every organisation must be able to identify and control—or counteract—the resulting threats to information security, which essentially concern confidentiality, integrity and availability.

On 25 October 2022, the revised standard for information security, ISO/IEC 27001:2022, was published under the new title ‘Information Security, Cybersecurity and Privacy Protection’. The Annex A controls of ISO 27001 are thus once again aligned with the control guidance in ISO/IEC 27002:2022 and reflect the state of the art.

Formal change (PDF)

Important information on the ISO/IEC 27006-1:2024 revision

In March 2024, ISO 27006 was revised to become ISO/IEC 27006-1:2024. This standard sets out the rules for audits and certification of management systems based on ISO 27001. 

Once the transition period has ended, all ISO 27001 certifications must be based exclusively on the new revision, ISO/IEC 27006-1:2024. Neither the validity nor the expiry date of existing certificates is affected by the revisions in ISO/IEC 27006-1:2024. The International Accreditation Forum (IAF) has established a two-year transition period and a number of transitional arrangements.

In the following document, we provide all the information you need to know about the ISO 27006 revision:

Customer information (PDF)

Climate change – additions to management system standards

In a joint statement issued in February 2024, the International Accreditation Forum (IAF) and the International Organisation for Standardisation (ISO) outlined the amendments to various management system standards. The statement emphasises the importance of addressing climate change within these management systems.

The amendments affect clauses 4.1 and 4.2 of the respective standard. The aim of the amendments is to ensure that organisations take climate change issues into account in relation to the effectiveness of management systems, in addition to all other aspects.

Frequently asked questions

Taking into account legal, regulatory and contractual requirements, ISO 27001 sets out the requirements for the establishment, implementation, operation, monitoring and documentation of your ISMS.

In doing so, existing risks to your organisation are identified, analysed and addressed through appropriate measures. This applies not only to cyber-attacks but also to other disruptions that lead to unplanned interruptions in processes or even bring business operations to a standstill. 

The Plan-Do-Check-Act model, which underpins ISO 27001, ensures continuous improvement throughout this process.

Thanks to its high-level structure, the information security standard can also be fully integrated into an existing management system compliant with ISO 9001 or ISO 14001.

If you wish to obtain ISO 27001 certification, you must have implemented a risk management process within your organisation, covering the identification, analysis, assessment and treatment of information security risks, and documented the selected controls in a Statement of Applicability.


ISO 27001 is not limited to IT processes alone, but also takes into account aspects of infrastructure such as organisation, personnel and buildings. After all, data security is becoming an increasingly important competitive factor.

This applies in particular to operators of critical infrastructure (KRITIS), who are required by the BSI Act to ensure a minimum level of IT security.

Expert, international, TÜV NORD CERT

TÜV NORD CERT GmbH

TÜV NORD CERT is an internationally recognised and reliable partner for testing and certification services. Our experts and auditors possess in-depth knowledge and are all permanently employed by TÜV NORD. This ensures independence, impartiality and continuity in the support we provide to our clients. The benefit for you is clear: our auditors accompany and support the development of your business and provide you with objective feedback.
