ISO 27001:2013 ISMS

Information Security Management System

The most important asset of any company around the world is its data. Stakeholders expect and demand the confidentiality and availability of that data; it would be an absolute disaster if any sensitive information were hacked or stolen. Information security is even more vital in the Internet of Things era. ISO/IEC 27001:2013 is an information security standard dealing with information security for an organization.

An Information Security Management System (ISMS) is a systematic and structured approach to securely handling a company’s sensitive information. ISO/IEC 27001:2013 provides requirements for establishing, implementing, maintaining and continually improving an information security management system.


  • ISO/IEC 27001:2013 is the only auditable international standard that defines the requirements of information security.
  • ISO/IEC 27001:2013 Certification helps businesses expand in global markets. It demonstrates credibility when tendering for contracts.
  • It protects and enhances the organization’s reputation by avoiding costly penalties and financial losses due to data / information breaches.
  • An ISMS improves company culture around understanding infosec risks and integrating security controls into organizational processes, thus lowering the overall risk to the organization.

Certification Procedure

  • Application for certification from client
  • Submission of offer by IRQS
  • Acceptance of offer by client and confirmation of agreement by both client organization and IRQS.
  • Conduct of Initial Certification audit – (Stage 1 + Stage 2) / Re-Certification audit.
  • Issuance of the “Certificate of approval” on successful completion of the initial / Re-certification audit process.
  • Validity of “Certificate of approval” is for three years from the date of decision, subject to conduct of annual surveillance audits.
  • Recertification audit process to be completed before the expiry of “Certificate of approval”.