Increasing demand for information security
Quality Austria is new Certification Body for ISO/IEC 27001
New accreditation for the internationally active certification body Quality Austria: The company with more than 10,000 customers in almost 30 countries has been certified as having the professional competence to certify organizations in the field of ISO/IEC 27001:2022 (information security).
Certifications according to the international information security standard ISO/IEC 27001 are on the rise. Since 2018, the number of certificates issued worldwide has more than doubled from just under 32,000 to around 72,000. As the ISO Survey 2022 shows, this puts ISO/IEC 27001 in fourth place among certifiable standards.
Christoph Mondl, CEO of Quality Austria, comments:
"We are convinced that the need for and relevance of information security will continue to increase significantly in the next few years. In order to support our customers professionally and competently in this context, we will continue to expand our offer in this area."
Certificates as a door opener for business
Quality Austria has now received the accreditation notice from Accreditation Austria as the competent body of the Federal Ministry of Labour and Economy. In the future, Quality Austria will therefore also be authorized to carry out certifications according to ISO/IEC 27001:2022 and to issue the internationally recognized certificates. "Every media report about a virus attack or about image-damaging data losses further strengthens the organizations' need for security. The certificates are also demanded by more and more companies on the part of their business partners and serve as a door opener for new orders," explains Mondl.
ISO/IEC 27001 specifies the requirements for establishing, implementing, monitoring, maintaining, improving and operating an information security management system, taking into account the individual risks. Until now, Quality Austria had carried out combination audits according to ISO/IEC 27001 and ISO 20000 (IT service management) via its subsidiary CIS - Certification & Information Security Services GmbH, which had already been accredited.
First revision of the standard in ten years
There is also an important change to the standard itself. As the previously used designation ISO/IEC 27001:2013 suggests, the standard, which was published in 2005, was revised in 2013, and the now valid ISO/IEC 27001:2022 standard was published in October 2022. "The revised standard replaces the 2013 requirements, with a 36-month transition period for affected organizations. Already certified organizations can switch to the new standard as part of surveillance and recertification audits or by October 2025 at the latest. Initial certifications are already carried out exclusively in accordance with ISO/IEC 27001:2022," explains Mondl. ISO/IEC 27001:2022 is also based on the high-level structure familiar from other ISO standards. Because it has the same systematic structure as, for example, ISO 9001, ISO 14001 or ISO 45001, management systems according to ISO/IEC 27001:2022 can be integrated well into existing systems, so that synergies can be used quickly and efficiently.