TÜV Rheinland has, with respect to this organization, checked that the requirements of the respective management system are being implemented; this means that the company objectives, quality objectives, customer orientation, processes, etc. correspond to the targeted standard. Examples of management systems are ISO 9001 for product or services quality, ISO 13485 for the quality of medical products, ISO 14001 for environmental management, and IATF 16949 for quality within the automotive industry.
For this purpose, TÜV Rheinland has ascertained whether the client's system satisfies the conditions of the standard and whether the system is up and running and being put into practice in day-to-day operations. This checking process is performed based on certification rules. An audit is usually carried out as part of this process. In the audit, the management documentation is inspected and the on-the-spot activities are checked for compliance with the requisite specifications. Final reports will point out further potential improvements.
The valid mark of conformity, which is depicted in Certipedia with the keyword "Management System" and the standard that is below it, shows that the organization in question has been certified by TÜV Rheinland.
ISO/IEC 27001 is an international standard for the evaluation and certification of the management of information security processes within companies. In addition to information technology, ISO/IEC 27001 particularly considers the relevant business processes. It describes not only the demands made on the organisation and the technical systems, but also the suitable activities for permanently sustaining the security level determined on the basis of the risk assessment. Information is to be considered as a company asset that needs protection against a variety of threats.
Information Security means: