This post summarizes some certifications for organizations (not for individuals or professionals) that are related in some way to information security or cybersecurity.
List of Information Security Certifications for Organizations
Information Security Certifications for Organizations featured in this post:
- ISO/IEC 27001
- ISO/IEC 27701
- ISO/IEC 15408 / CC
- ISO 22301
- ISO 20000
- SOC
- PCI DSS
- SWIFT
- STAR
- ANSI/TIA-942
- Uptime Institute’s Tier
- European Union Cybersecurity Certifications (EU)
- Cyber Essentials Plus (UK)
- ENS (ES)
ISO/IEC 27001
ISO/IEC 27001 is an international standard for information security management systems (ISMS).
An organization can have its ISMS audited and certified for a defined scope, such as a process within the organization.
ISO/IEC 27701
ISO/IEC 27701 is a privacy extension of ISO/IEC 27001.
It can be audited as an extension of ISO/IEC 27001.
ISO/IEC 15408 / CC
ISO/IEC 15408, also known as Common Criteria for Information Technology Security Evaluation, Common Criteria or CC, is an international standard for evaluating and certifying the security of IT products and systems.
You can read more about CC on this post.
ISO 22301
ISO 22301 is an international standard about business continuity.
It can be audited and certified for an organization.
ISO 20000
ISO 20000 is an international standard for IT service management. It is related to ITIL.
SOC
SOC stands for System and Organization Controls, and it is a reporting framework used for compliance in the USA.
There are 3 types of SOC reports; the second of them is SOC 2, “Trust Services Criteria”. Like SOC 1, it is intended for a limited audience.
A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating.
A SOC 1 Type 2 report can also be considered related to risk management and security controls.
You can read more about SOC on this post.
STAR
STAR (Security, Trust, Assurance and Risk) certification may be achieved by organizations offering cloud services.
STAR certification is managed by Cloud Security Alliance (CSA).
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) applies whenever card payment transactions are involved.
PCI DSS can be audited.
SWIFT
Compliance with the security requirements of SWIFT (Society for Worldwide Interbank Financial Telecommunication) can be audited.
ANSI/TIA-942
ANSI/TIA-942, sometimes referred to as TIA-942, is a telecommunications standard for data centers.
The standard is defined by the American organization Telecommunications Industry Association (TIA).
Accredited organizations can provide certifications for this standard.
You can find more information on this external link.
Uptime Institute’s Tier
Uptime Institute issues a Tier Certification for data centers.
You can find more information on this external link.
EU Cybersecurity Certifications (EU)
As of 2022, EU Cybersecurity Certifications are not yet available.
There are three EU Cybersecurity Certifications planned:
- European Union Common Criteria (EUCC)
- European Union Cloud Services (EUCS)
- European Union 5G (EU5G)
You can find more information about EU Cybersecurity Certifications on this external link.
ENS (ES)
Esquema Nacional de Seguridad (ENS) is a very specific certification for organizations in Spain. It is required for any organization that belongs to the Spanish Public Administration, and for private organizations providing services to it.
You can read more about ENS on this post.
Cyber Essentials (UK)
Cyber Essentials is a UK Government-backed, industry-supported certification scheme introduced in the UK to help organizations demonstrate operational security against common cyber attacks.
There are two levels of Cyber Essentials certification:
- Cyber Essentials
- Cyber Essentials Plus
If your organization wants to work with a British public organization, you may need to obtain Cyber Essentials.
You can find more information about Cyber Essentials Plus on this external link.