Information security management systems (ISMS)


Information security management systems (ISMS)

The ISMS Auditor Certification Scheme has been developed with advice from industry on the specific competencies required by ISMS auditors to ensure effective conduct of audits. This in turn will provide confidence by organizations in the outcomes of ISMS audits.

Information security ensures business continuity, minimizes business damage through the management of information security risks and maximises business opportunities. Within the context of the ISO 27001 standard, information security should achieve:

  • Confidentiality: information is accessible only to those with authorisation
  • Integrity: maintains the accuracy and completeness of information
  • Availability: authorised users have access to information when required

The programme supports third-party certification: we certify the different categories of auditors - those employed by certification bodies/registrars, consultants and internal auditors. We also develop and promote good auditor training and auditing best practice.