An Introduction To
Information, Network and Internet Security

Certification

ISO 27002 (the Code of Practice for Information Security Management) should provide the basis for an organisation's security policy and procedures. The organisation needs to build an infrastructure of policy, baseline controls (from ISO 27002 and other sources), interpretation, guidelines, monitoring and awareness training to ensure that all staff understand what is required. These will fit into a security architecture.

Why does my organisation need certification?
Accredited certification
What does 'Accredited' mean?
Different types of audit
How does the certification scheme work?
Six step certification process
Summary



The Security Practitioner

An Introduction to Information Security