http://securityratty.com/tag/scopes Tue, 20 May 2008 13:31:23 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss http://securityratty.com/article/1dfa014f9222e43976da535278f9636b http://securityratty.com/article/1dfa014f9222e43976da535278f9636b
Auditors must be accredited by the International Register of Certificated Auditors (IRCA), so www.irca.org is a good starting point. For example, you'll find 40 auditors in the U.S. who are accredited for ISO 27001. They work for large consultancies or system integrators, but also for some smaller companies. Alternatively, you can look for an organization that issues certificates. Unfortunately, there is no international register for them; you'll have to look for a certifying organization that is accredited by a national accreditation body (for example, UKAS in the U.K. or TGA in Germany). These bodies maintain a list of accredited organizations (see http://www.ukas.com/about_accreditation/accredited_bodies/certification_body_schedules.asp and http://www.tga-gmbh.de/scopes/index.php?id=0051). For other countries, see the member list in http://www.iaf.nu. In the U.S., ANSI is in charge and has delegated this responsibility to ANAB (American National Standards Institute - American Society for Quality National Accreditation Board). However, the corresponding database (see http://www.anab.org/Directory/Certs_Search.asp) lists only two accredited organizations. The better way is probably to either look at the U.K. register (because many organizations can issue certificates for companies in the U.S. as well) or have a look at the unofficial register of ISO 27001 certificates (see http://www.iso27001certificates.com). There, you'll find a list of certified companies and the corresponding body that issued the certificate.

No matter which entry point you choose, the list of auditors, the list of certifying organizations or the list of issued certificates - the names that come up are often the same: BSI Management Systems, one of the TÜV companies, PricewaterhouseCoopers, Bureau Veritas and Atsec.

]]> Tue, 20 May 2008 13:31:23 +0000 certification body body register international register body schedules list international standard iso tv companies iso How Do I Get ISO27001 Certification?