Accreditation of information security management systems

Information security management system certification is granted by certification bodies to organizations that have demonstrated that they have implemented an information security management system.

ISO/IEC 27001 provides a model for establishing, implementing, operating, monitoring, analyzing, maintaining and improving an information security management system (ISMS). Development and implementation of an ISMS is influenced by an organization’s needs and objectives, security requirements, processes, size and structure.

A certification body applying for ISO 27001 accreditation must comply with ISO/IEC 17021 and with the additional international requirements detailed in the Specific Accreditation Requirements for the ISMS scheme.

ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an organization's ISMS.