ISO 27001 - System Certification Services

Information Security Management System

Every day, your organisation is surrounded by a wide variety of confidential information and data which have to be protected against the growing threat from cyber attacks and data theft. Responsible handing of information is therefore more important than ever, and the aspects of confidentiality, availability and integrity are becoming increasingly significant.

A well-functioning information security management system (ISMS) supports your organisation in closing loopholes within the IT structures and minimising data security risks. The criteria for establishment, implementation, operation, surveillance and continuous improvement of a documented ISMS are defined by the globally recognised ISO 27001 Standard.

With certification according to ISO 27001, you can provide objective and credible evidence of the effectiveness of your information security management system (ISMS), as the globally recognised standard defines the requirements for establishment, implementation, documentation and improvement of an ISMS. Existing risks for your organisation are identified, analysed and then eliminated based on effective and appropriate measures. This means you can protect your confidential data and improve the integrity and availability of your IT systems.

New ISO 27001:2022 & Its Transition Period

To address global cybersecurity challenges and imrove digital trust, a new and improved version of ISO/IEC 27001:2022 has just been published on Oct 25, 2022, replacing ISO/IEC 27001:2013.

Below are the transition policies following the upgraded standard:

1. For Our New Client:

A. Starting Oct 25, 2023 will be audited for certification audit using ISO/IEC 27001:2022
B. Before Oct 25, 2023, for new clients who will still be audited using ISO/IEC 27001:2013, your certificate will be valid only until Oct 25, 2025. Before it ends, you need to undergo an upgrading audit and new certificate will be released with its actual validity date.
Example:

Client A	Audited using ISO/IEC 27001:2013		Upgrade – Audited using ISO 27001:2022	Audited using ISO/IEC 27001:2022
Client A	1st Year	2nd Year	3rd Year	4th Year
Certification Audit – stage 1	10 – 11 Jan 2023
Certification Audit – stage 2	22 – 24 Jan 2023
Surveillance Audit - 1		22 – 24 Jan 2024
Surveillance Audit - 2			22 – 24 Jan 2025
Recertification Audit				22-24 Jan 2026
Certification Decision	24 Mar 2023		24 Mar 2025	24 Mar 2026
Output Certificate	ISO/IEC 27001:2013 which is valid from 24 Mar 2023 to 25 Oct 2025 (with actual validity of certificate is 23 Mar 2026)	-	ISO/IEC 27001:2022 which is valid from 25 Oct 2025 to 23 Mar 2026	ISO/IEC 27001:2022 which is valid from 24 Mar 2026 to 23 Mar 2029

2. For our existing client:
The transition period will be up to Oct 25, 2025

Varied benefits

Here’s how ISO/IEC 27001 will benefit your organization:

Secure information in all forms, including paper-based, cloud-based and digital data
Increase resilience to cyber-attacks
Provide a centrally managed framework that secures all information in one place
Ensure organization-wide protection, including against technology-based risks and other threats
Respond to evolving security threats
Reduce costs and spending on ineffective defence technology
Protect the integrity, confidentiality and availability of data.

Our know-how for your success

TÜV NORD is a well-established and reliable partner for inspection and certification services. Our experts and auditors have extensive knowledge based on experience and are generally permanently employed by TÜV NORD. This guarantees independence and neutrality, and also means we can offer continuity in supporting our clients. The benefit to you is clear: our auditors accompany and support the development of your company and provide you with objective feedback.

Contact Us

Arkadia Green Park, Tower F 6th Floor, Suite 602-604, Jl. TB. Simatupang Kav.88, Kebagusan, Pasar Minggu, 12520 Jakarta Selatan

Contact Send mail

Tety YohantiSales Manager
Certification Services

tety@tuv-nord.com