Information Security

Information Security Management System (ISO 27001) certification

Information security breaches can have a major impact on your company’s business continuity and revenues. To help protect your organization, Bureau Veritas offers certification to ISO 27001, an Information Security Management System that ensures the confidentiality, integrity and security of company information. 

In an increasingly connected world, information security breaches are a growing threat. Consumers, investors and stakeholders have high expectations for information security, and regulations are becoming more stringent for organizations of all sizes. 

To safeguard their data, many businesses are implementing Information Security Management Systems. The ISO 27000 family of guidance and management standards helps secure the confidentiality of your company’s information. With internationally recognized certification from Bureau Veritas, companies can demonstrate the availability, integrity and confidentiality of their information and reduce the risk of information security breaches. 

Key benefits

  • Identify information security risks and implement appropriate organizational controls with ISO 27001

  • Implement a comprehensive information security policy specific to your business context and stakeholder needs

  • Safeguard your reputation by protecting customer information and reducing the risk of information security breaches

  • Assure customers, regulatory bodies and stakeholders of your information security processes by certifying to ISO 27001 with Bureau Veritas

ISO 27001: Information Security Management System 

ISO 27001 heads a family of information security standards that provide comprehensive guidance and support to systematically understand your information security risks and vulnerabilities. By implementing ISO 27001, you can apply rigorous information security methodologies, reducing risks and safeguarding against security breaches.  

ISO 27017: Information security for cloud services

ISO 27017 is an international code of practice for cloud-based information that establishes clear controls for information security risks. For cloud-service providers already certified to ISO 27001, ISO 27017 is a complementary standard that helps reassure clients of their information safety.   

ISO 27018: Personally identifiable information 

Cloud service providers that process significant volumes of Personally Identifiable Information (PII) can be certified to ISO 27018, individually or in conjunction with ISO 27001 and/or ISO 27017. This international code of practice establishes controls for information backup management, information recovery and erasure, procedures for customer disclosure and more.

The new ISO/IEC 27001 is coming

Earlier in 2022, the International Organization for Standardization (ISO) released a new version of its 27002 controls, which in turn affects the ISO 27001 standard. A new version of the latter is expected to be released at the end of October this year, opening a cycle of re-certification for many companies around the world.

Through the evolution of its Annex A, ISO 27001:2022 will present a simplified version of the required controls. The original 114 controls, divided into 14 chapters, will be reorganized into 93 controls across 4 chapters (Organizational, People, Physical and Technological). New focus points are prevention of, detection of and reaction to cyberattacks, as well as data protection (in line with the NIST Cybersecurity Framework).

We at Bureau Veritas are here to support you and will be releasing a new webinar to prepare you for this transition.
