ISO 27001 Certification

Sustainably improve your information security management with ISO/IEC 27001

Cybercrime is often the result of outdated technology, mishandling of confidential information, or virus-related security vulnerabilities. Protect yourself by optimizing your information security management system (ISMS) according to ISO/IEC 27001.
Certification of your ISMS shows your stakeholders that your company takes information security seriously and has a strong awareness of cyber risks.
Secure competitive advantages with ISO 27001 Certification
  • Reduce your business and liability risks with the help of legally compliant data management
  • Protect the sensitive data of your stakeholders and sustainably increase their trust
  • Identify threats to your business and minimize them early on
  • Save money with the effective structuring of your ISMS according to ISO 27001 and firmly implement information security in your corporate structure

Your ISO 27001 Certification at a glance

With the introduction and certification of your information security management system, you can effectively respond to legal requirements and customer demands relevant to information security. Benefit from the advantages of ISO/IEC 27001: The standard focuses on both the implementation of technical measures and the documentation that takes into account all relevant risks for the respective business operation. Together, these fundamentals and the interlocking of technical and organizational measures create a robust level of security.
Considering your individual situation and providing a holistic view of your company, ISO 27001 certification ensures the integration of the standard into the entire corporate structure for added advantages. A stakeholder and risk analysis helps you to identify and implement the measures you need to sustainably increase your information security. In doing so, your ISMS can be optimized and adapted in an agile manner.
A leading international standard, ISO 27001 certification is considered to be one of the most relevant in the field of cyber security. Applicable to any company regardless of size and industry, the standard provides important guidelines in the area of planning, implementation, control and optimization of your information security.
Assessment parameters:
  • The establishment of an appropriate ISMS
  • The implementation of a mechanism for identifying risks, self-assessment, prevention and remediation of security gaps
  • The plausibility of the defined security levels of the processed information
  • The implementation of appropriate measures to ensure adequate information security
A further advantage of the standard is that it takes your individual situation into account while also providing a holistic view of the company and integrating the standard into the entire corporate structure. Using a stakeholder and risk analysis, you can identify and implement the measures you need to sustainably increase your information security. Your ISMS is not carved in stone but can be optimized and adapted in an agile manner.
1. Information
Project meeting (by telephone or in person) and preparation for certification including document review
2. On-site certification
Readiness analysis with assessment and review of the management system description, review of documented processes and optional post-audit (review of corrective actions)
3. Audit report and evaluation
Documentation of the audit and evaluation of the management system
4. Certificate and seal
After successful completion, you will receive your certificate and the DEKRA test seal (with a maximum term of three years)
5. First surveillance audit
A surveillance audit of the practical implementation is conducted every twelve months
6. Second surveillance audit
Repeated auditing of the practical implementation of the management system
7. Recertification
Three years after initial certification, steps 2 to 6 are repeated for the recertification audit
For a time-saving and smooth certification process, you can prepare yourself by:
  • Creating an inventory of assets
  • Determining the scope of the ISMS
  • Defining information security policy and objectives
  • Developing a risk assessment and risk treatment methodology
  • Creating a statement of applicability (SoA)
  • Preparing a risk treatment plan and risk assessment report
  • Defining security roles and responsibilities
  • Ensuring acceptable use of assets
  • Defining policies such as those for access control according to Annex A of ISO/IEC 27001
By October 31, 2025, all existing certificates must have been converted to the revised requirements of ISO/IEC 27001:2022. Initial or recertification audits could still be carried out according to the old standard DIN EN ISO/IEC 27001:2017 until 18 months after publication of the new standard at the latest (i.e. until April 30, 2024), but the conversion to the new standard revision must take place by October 31, 2025. The conversion can be carried out either as part of a surveillance audit or as a separate conversion audit; the certification cycle remains unchanged. Upon successful completion of the conversion audit, you will receive a new certificate for ISO/IEC 27001:2022, valid until the end of the normal 36-month cycle.
With the publication of ISO/IEC 27006-1:2024, significant changes have been introduced that clarify and update the framework for audits and certifications of information security management systems. The most important changes include:
  • Audit time calculation: introduction of a concept for identical activities performed by different persons, new guidelines for scope extensions and refined calculation methods for multiple sites
  • Requirements for auditors: removal of quantitative requirements for the professional experience and training of ISMS auditors
  • Remote audits: new requirements for conducting remote audits and for specifying the scope and effectiveness of the remote audit in the audit report, and removal of the requirement for accreditation body approval when more than 30% of the planned audit time is remote
Your reliable and neutral partner for ISO 27001 Certification
  • Benefit from the many years of experience of our experts in the field of information security and the certification of management systems.
  • Distinguish your information security management performance with our renowned DEKRA seal for strengthened customer trust.
  • Save time and money with our combined certifications with other management standards such as ISO 9001, ISO 14001 or ISO 45001.
Important note
The International Organization for Standardization (ISO) has revised its management system standards to better address climate change, motivating companies to take action and make sustainable improvements.
This extension affects all ISO Type A management system standards, including ISO 27001, and requires certified organizations to integrate climate change into their planning and consider the needs of their stakeholders. Implementation of these new requirements is required immediately and will be monitored by us as the certification body. Non-compliance may result in non-conformity.
Do you need additional information on the new requirements regarding climate change in management systems? Please contact us.
*For ease of reading, we use the abbreviated designation “ISO 27001.” The full designation of the standard is “ISO/IEC 27001:2022.” Further information on standard designation can be found here.
Management System Certification is offered by DEKRA Certification GmbH and operates independently of all training and consultancy services offered by other DEKRA units.