Information is a vital asset of any organisation and confidential customer information entrusted to it brings special obligations. Unauthorised access to important information and knowledge capital, or its loss, can have significant negative impact on an organisation, including interruption of business continuity, loss of strategic advantage, vulnerability to fraud, and damage to reputation.
A certified information security management system demonstrates commitment to the protection of information and provides confidence that assets are suitably protected – whether held on paper, electronically, or as employee knowledge.
Expectations that organisations protect important information are ever present, but the means of assurance is often not apparent. Significant incidents involving losses and fraud continue to make the headlines and cause concern for customers and consumers in general. Consequently, customers, boards and other stakeholders, including the public, are increasingly demanding evidence of robust and effective information security and business continuity measures.
Information security management systems take a systematic approach to minimising the risk of unauthorised access or loss of information and ensuring the effective management of protective measures put in place. They provide a framework for organisations to manage their compliance with legal and other requirements, and improve performance in managing information securely.
ISO 27001 is the most common and globally recognised standard for information security management systems and is applicable to any organisation in any business sector.
The standard provides a comprehensive approach to security of information needing protection, ranging from digital information, paper documents, and physical assets (computers and networks) to the knowledge of individual employees. Subjects to address include competence development of staff, technical protection against computer fraud, information security metrics and incident management as well as requirements common to all management system standards such as internal audit, management review and continuous improvement.
DNV also offers certification of your security system to the World Lottery Association (WLA) Security Control Standards©. WLA standards are tailor-made for the security systems of lottery operations. To be eligible for certification, you have to be a member of WLA.
Implementing an effective information security management system will help identify and reduce information security risks, as it helps you focus your security efforts and protect your information.
The main drivers for organisations to implement an information security management system and seek certification are:
Demonstration of responsibility towards protection of customer and own information
An effective framework for compliance with requirements, including data protection regulations
Contractual obligations or expectations in a business-to-business relationship
Potential cost saving due to improved operational control and loss management
A competitive market advantage through enhanced image and increased stakeholder confidence
Certification of your information security management system by DNV provides assurance to the market and top management of your effective management of information, risks and legal compliance.
DNV's experience of information security management and certification of management systems is extensive.
With our Risk Based Certification™ approach, DNV auditors focus on how well your information security management system supports the areas of greatest risk and interest to you, in addition to measuring compliance against elected standards. Our auditors know the business you are in and will apply their experience in ways that will improve and add value.
DNV Risk Based Certification™ is offered worldwide and DNV holds a wide range of national accreditations. With our global network of local resources, we provide you with the certification most suitable to your needs, type of business, and company location.
Information security management system certification may be combined with certification to other management system standards, e.g. ISO 9001, ISO 14001 and OHSAS 18001.