
São Paulo/SP – October 17, 2022. To start the certification process correctly, it is essential to keep in mind internal training and awareness, which must be initiated by top management and reach all of the company's employees.

By Kelli Ribeiro

Obtaining an ISO certification, in addition to enabling the company to expand its market, provides a competitive advantage by attesting internationally that your company handles information securely.


The involvement of top management is essential for employees to understand the changes and to put the controls into practice within their daily work routine.

ISO implementation can be carried out using the four steps of the PDCA cycle (Plan, Do, Check and Act), and may also be combined with other management methodologies.

We will briefly present the following steps:

  1. Diagnosis and Planning: It is necessary to start the process by getting to know the company through a diagnosis. After this diagnosis, the scope is defined, the strategic direction is set, and the processes and the sequence of operations are established.
  2. Implementation: During this stage, activities, roles and responsibilities must be defined in order to implement the new requirements of the standard, based on the planning and the strategies defined in the previous stage.
  3. Internal Audit: After the implementation stage, an internal audit must be carried out. This procedure checks the processes for possible errors, identifying failures and determining what changes are necessary to correct them.
  4. Certification Audit: To obtain the certificate, after all the previous steps, the organization must undergo an external certification audit. This audit is carried out by an independent, accredited certification body.

After certification, it is worth mentioning that there are so-called “supervision visits” (surveillance audits), which take place annually and aim to ensure that your management system remains compliant and continues to improve.

ISO certification is valid for 3 years. After this period, the company undergoes a new certification audit (recertification) to verify how the Management System has evolved and what improvements were made during the period.

Pursuing ISO implementation is critical once it is understood that preserving the security of corporate data must be a priority.

Counting on the experience of a specialized consultancy to obtain the ISO certification is essential: it facilitates the creation of the Management System and makes the path to certification more accurate and effective.

Safeway Consultora can assist your company in all stages of the implementation of ISO certifications.

— Kelli Ribeiro is GRC and Privacy Manager at [SAFEWAY]

How can we help?

SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

Today, through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, for the certification of operations, services or companies against the ISO 27001, ISO 20000 or ISO 22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services the Cybersecurity Health Check, whose objective is to carry out a diagnosis of the Cybersecurity, Information Security and Data Privacy practices implemented in your company, covering the pillars of Processes, People and Technology.

Through the Cybersecurity Health Check, the information security and privacy risks associated with internal processes and activities are identified, existing controls are evaluated, and new controls are proposed in proportion to the size of your organization, in order to raise the level of maturity and compliance in accordance with good information security practices. If you would like more information, contact one of our experts!