
Information Security Management

Standard ISO/IEC 27001

To ensure the security of sensitive information such as the personal data of employees or clients, financial data, intellectual property, or any other information deemed sensitive, organizations holding this information must take appropriate steps to protect it from loss, theft, or alteration, and to protect their computer systems from disasters and intrusions of any kind.

They can achieve this by meeting the requirements specified in ISO/IEC 27001 Information Security Management.

ISO/IEC 27001, the product of an international consensus, describes the implementation within an organization of an Information Security Management System (ISMS). This standard specifies international best practice and offers organizations a systematic approach for preserving the confidentiality, integrity, and availability of information, while helping them to limit the risks, costs, and damage linked to poor information security management.

The ISMS comprises policies, procedures, and security measures which must be appropriate and proportional to the risks incurred. ISO/IEC 27001 certification will increase confidence in your organization and reassure your clients, suppliers, and employees, since it demonstrates that you have put in place the necessary means to protect the sensitive information in your possession.

ISO/IEC 27001 has several elements in common with other ISO standards; for example, the management system presented dovetails nicely with other management systems such as quality management (ISO 9001).


Certification Offer

Organizations wishing to have their information security management system recognized should contact the BNQ, whose certification program for information security management systems is accredited by the Standards Council of Canada (SCC).

To qualify for ISO/IEC 27001 certification, organizations must demonstrate to the BNQ that they meet the requirements of the standard. These requirements cover:

  • context (needs and expectations of stakeholders, boundaries and applicability of the ISMS, etc.)
  • leadership (information security policy, roles, responsibilities, authorities, etc.)
  • planning (measures to be implemented in response to risks and opportunities, information security objectives, plans to achieve the objectives, etc.)
  • support (resources, competence, training, communication, documentation, etc.)
  • operational activities (operational planning and control, information security risk assessment and treatment, etc.)
  • performance evaluation (monitoring, measurement, analysis and evaluation, internal audit, management review, etc.)
  • system improvement (nonconformities, corrective actions, continual improvement, etc.).