FAQ

1. What does Accreditation to ISO/IEC 17025 mean?
ISO/IEC 17025 is applicable to testing and calibration laboratories and covers the use of standard, non-standard and laboratory-developed methods.
Laboratories that can demonstrate compliance with ISO/IEC 17025 at assessment have demonstrated they operate using sound management practices and are technically competent to perform specific tests, calibrations and/or measurements for which they hold accreditation.

The management requirements of the Standard were written to meet the systems requirements of ISO 9000:1994 series. However, accreditation against ISO/IEC 17025 cannot be interpreted to be the same as certification against the ISO 9000 series Standards.

2. What does Certification to ISO 9001 Mean?
From 15th December 2003, the ISO 9000:1994 series of Quality Management Standards becomes obsolescent and will be superseded by a single Standard known as ISO 9001:2000.

ISO 27001 /ISO 17799 information security standards FAQ

1. Why has ISO 17799 been renamed to ISO 27002?
The rename was initiated by ISO, who wanted to align the information security standards under a common naming structure (the 'ISO 27000 series').

2. Which ISO27002 controls are most important?
That largely depends upon the individual organization. However, ISO27002 does give some guidance, in the form of 'legislative essentials' and 'common best practice' under the IS "starting point" section. These are:
- intellectual property rights (12.1.2)
- safeguarding of organizational records (12.1.3)
- data protection and privacy of personal information (12.1.4)
- information security policy document (3.1.1)
- allocation of information security responsibilities (4.1.3)
- information security education and training (6.2.1)
- reporting security incidents (6.3.1)
- business continuity management (11.1)

3. What is a Certification body?
An accredited certification body is a third party organization that assesses/certifies the IS management system against the standard (BS7799-2 / ISO 27001).