{"id":150,"date":"2020-04-16T06:51:08","date_gmt":"2020-04-16T06:51:08","guid":{"rendered":"http:\/\/www.cyberlaws.org\/?p=150"},"modified":"2021-04-20T18:50:07","modified_gmt":"2021-04-20T18:50:07","slug":"iso-27001-certification-individual-vs-organization","status":"publish","type":"post","link":"https:\/\/www.cyberlaws.org\/iso-27001-certification-individual-vs-organization\/","title":{"rendered":"ISO 27001 CERTIFICATION (INDIVIDUAL VS. ORGANIZATION)"},"content":{"rendered":"<div class=\"art-postcontent clearfix\">\n<p style=\"text-align: justify;\"><b>ISO 27001<\/b><b>:\u00a0<\/b>ISO 27001 is a standard that is folloVendord for the Information Security Management System\u00a0(ISMS)\u00a0of an organization in which, the said company\u2019s compliance status is checked, based on which new policies are created and applied. It\u2019s a mandate in many sectors such as companies involved in the\u00a0Cyber Security\u00a0domain.ISMS includes the 3 major elements of cyber security:\u00a0<b>C<\/b>onfidentiality,\u00a0<b>I<\/b>ntegrity,\u00a0<b>A<\/b>vailability (<b>CIA<\/b>).<\/p>\n<p style=\"text-align: justify;\">To ensure compliance to the CIA in terms of ISO 27k1 the companies need to<\/p>\n<ul>\n<li>Audit<\/li>\n<li>Assess the risks<\/li>\n<li>Formulate policies<\/li>\n<li>Implement policies<\/li>\n<li>Continuous monitoring &amp; Updates<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">The departments\/processes that go through the above mentioned process are both, IT &amp; Non IT Infrastructure of a company, but the audit of ISO 27k1 is mainly focused on the IT Infrastructure of a company.<\/p>\n<h2 style=\"text-align: justify;\"><img class=\" wp-image-151 aligncenter\" src=\"http:\/\/www.cyberlaws.org\/wp-content\/uploads\/2020\/04\/Complaince1-150x150.jpg\" alt=\"\" width=\"277\" height=\"277\" \/><\/h2>\n<h2 style=\"text-align: justify;\"><b>ISO 27001 CERTIFICATION:<\/b><\/h2>\n<p style=\"text-align: justify;\">Being ISO 27001 Certified means, the certification body that you choose for this process (PECB\u00a0or\u00a0IRCA), gives you an attested confirmation that your organization is compliant to all the guidelines of ISO 27k1.<\/p>\n<p style=\"text-align: justify;\">Now there are two types of certifications in ISO:\u00a0<b>Individual \/ Organization<\/b><\/p>\n<p style=\"text-align: justify;\">The process for an\u00a0<b>Individual certified professional\u00a0<\/b>is completely different from that of a\u00a0<b>Certified Organization,\u00a0<\/b>these certified professionals then move on to performing the process of certifying the organization.<\/p>\n<h2 style=\"text-align: justify;\"><b>INDIVIDUAL<\/b><\/h2>\n<p style=\"text-align: justify;\">Types of ISO certified Professionals<\/p>\n<ul>\n<li>Lead Auditor<\/li>\n<li>Lead Implementer<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">A\u00a0<b>lead auditor<\/b>\u00a0is the one who is responsible for leading the\u00a0audit\u00a0team in an organization. He or she prepares the\u00a0audit\u00a0plan, delivers meetings and submits audit\u00a0report at the end of quarter or year. Conducting audits is the main responsibility of a\u00a0lead auditor\u00a0and that needs to be done on a daily basis.<\/p>\n<p style=\"text-align: justify;\">A\u00a0<b>Lead implementer\u00a0<\/b>is the one responsible for bringing the\u00a0Lead auditor\u00a0plan into action and\u00a0makes\u00a0sure all the policies are implemented and properly controlled.<\/p>\n<p style=\"text-align: justify;\">Process of getting certified<\/p>\n<p style=\"text-align: justify;\">According to PECB, the process for getting ISO 27k1 LA\/LI certified is nearly not as lengthy for individuals as it is for the organizations.<\/p>\n<p style=\"text-align: left;\"><b>Previous experience<\/b>: minimum 4 years of job experience in IT is crucial, out of which at least 2 years has to be in cyber security.<\/p>\n<p style=\"text-align: left;\"><b>Training &amp; Examination<\/b>: After attending 5 days of training in ISO 27k1 LA\/LI, in the course outline guided by the certification body of your choice\/requirement, you\u00a0have\u00a0to submitted\u00a0a certain examination fee to the certification body, after which, an invoice in your name along with your exam question papers are prepared &amp; sent to the authorized training center for you to attempt the exam.<\/p>\n<p><b>Certification process<\/b>: After attempting the certification exam, the candidate fills the certification forms in which they put in the required information, In the back-end the certification body verifies the information given by the candidates and if the compliance is there,\u00a0the certificate is issued.<\/p>\n<\/div>\n<h2 style=\"text-align: justify;\"><\/h2>\n<div class=\"art-postcontent clearfix\">\n<h2><img class=\"size-thumbnail wp-image-152 alignright\" src=\"http:\/\/www.cyberlaws.org\/wp-content\/uploads\/2020\/04\/cyberlaws-ISO-27001-2-150x150.png\" alt=\"\" width=\"150\" height=\"150\" \/><\/h2>\n<h2 style=\"text-align: justify;\"><b>ORGANIZATION<\/b><\/h2>\n<p style=\"text-align: justify;\">\u201cA typical certification audit (A.k.a. 3rd party audit) generally follows the general process of\u00a0IT Audit:<\/p>\n<ul>\n<li>REQUESTING DOCUMENTS<\/li>\n<li>PREPARING AN AUDIT PLAN<\/li>\n<li>SCHEDULING AN OPEN MEETING<\/li>\n<li>CONDUCTING FIELDWORK<\/li>\n<li>DRAFTING A REPORT<\/li>\n<li>SETTING UP A CLOSING MEETING<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">Based on the process above, a company either qualifies or disqualifies for certification, which is why organizations hire audit organizations (A.k.a. Accredited organizations) to consult them through the certification process and do the\u00a03rd party Audits.<\/p>\n<p style=\"text-align: justify;\">That has a whole other process altogether, but it again differs from company to company. A generally followed process is as follows:<\/p>\n<p><b>Pre-Proposal checklist:\u00a0<\/b>Vendor will send you a questionnaire\/checklist to be filled by your business\/technical team. This checklist consists of basic information Vendor would need in order to send you a techno-commercial proposal<\/p>\n<p><b>Proposal:\u00a0<\/b>Vendor\u00a0will\u00a0give you a proposal enclosing the Scope of Work, timeline &amp; cost involved in execution of the project.<\/p>\n<p><b>Audit &amp; Compliance<\/b><b>\u00a0team:\u00a0<\/b>Vendor will assign you an account manager who will be your point-of-contact\/consultant &amp; coordinator in the whole process.<\/p>\n<p><b>Pre-assessment:<\/b>\u00a0(optional) Pre-assessment audit is done before the actual assessment is done, another term for this step is\u00a0Opinion Audit. This step is carried out as a precautionary step to identify any weakness\/nonconformity that may need resolving.<\/p>\n<p><b>Assessment:<\/b>\u00a0This step is the actual performance of audit, the process of the same depends on the standard chosen by the auditee.<\/p>\n<p><b>Certification:\u00a0<\/b>Vendor will issue a certificate of registration , clearly outlining the scope of your certification.<\/p>\n<p><b>Compliance:<\/b>\u00a0Your account manager will carry out ongoing assessments to support your continual improvement activities.<\/p>\n<p><b>Training:\u00a0<\/b>Vendor will have an awareness training for the employees of the organization after the completion of the the process &amp; certification courses &amp; training to bring the professionals involved to bring them upto the certification level during\/before the certification.<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<div class=\"art-postfootericons art-metadata-icons\" style=\"text-align: left;\"><span class=\"art-postcategoryicon\"><span class=\"categories\">Posted in<\/span>\u00a0blog,\u00a0Certification,\u00a0cybersecurity,\u00a0ISO 27001<\/span>\u00a0|\u00a0<span class=\"art-posttagicon\"><span class=\"tags\">Tagged<\/span>\u00a0Audit,\u00a0CERTIFICATION,\u00a0Compliance,\u00a0ISO 27001,\u00a0Security,\u00a0Training<\/span><\/div>\n","protected":false},"excerpt":{"rendered":"<p>ISO 27001:\u00a0ISO 27001 is a standard that is folloVendord for the Information Security Management System\u00a0(ISMS)\u00a0of an organization in which, the said company\u2019s compliance status is checked, based&#8230; <\/p>\n","protected":false},"author":1,"featured_media":151,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":[],"categories":[3],"tags":[109,114,113,111,21,96,16,112,110],"_links":{"self":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts\/150"}],"collection":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/comments?post=150"}],"version-history":[{"count":5,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts\/150\/revisions"}],"predecessor-version":[{"id":708,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/posts\/150\/revisions\/708"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/media\/151"}],"wp:attachment":[{"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/media?parent=150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/categories?post=150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cyberlaws.org\/wp-json\/wp\/v2\/tags?post=150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}