Information Security Certifications for Organizations

This post summarizes some certifications for organizations (and not for individuals or professionals) related somehow to information security or cybersecurity.

List of Information Security Certifications for Organizations

Information Security Certifications for Organizations featured on this post:

  • ISO/IEC 27001
  • ISO/IEC 27701
  • ISO/IEC 15408 / CC
  • ISO 22301
  • ISO 20000
  • SOC
  • STAR
  • ANSI/TIA-942
  • Uptime Institute’s Tier
  • European Union Cybersecurity Certifications (EU)
  • Cyber Essentials Plus (UK)
  • ENS (ES)

ISO/IEC 27001

ISO/IEC 27001 is an international standard about managing information security management systems (ISMS).

It can be audited and certified for a process within an organization.

ISO/IEC 27701

ISO/IEC 27701 is a privacy extension of 27001.

It can be audited as an extension of ISO/IEC 27001.

ISO/IEC 15408 / CC

ISO/IEC 15408, also known as Common Criteria for Information Technology Security Evaluation, Common Criteria or CC, is an international standard for testing and confirming the system security.

Common Criteria supersedes the American TCSEC (Trusted Computer System Evaluation Criteria) or Orange Book from the Rainbow Series and European ITSEC (Information Technology Security Evaluation Criteria).

ISO 22301

ISO 22301 is an international standard about business continuity.

It can be audited and certified for an organization.

ISO 20000

ISO 20000 is an international standard about IT service. It is related to ITIL.


SOC stands for System and Organization Controls, and it is a report framework related to USA compliance.

There are 3 types of SOC reports, and the second of them is SOC 2 “Trust Services Criteria”. Like SOC 1, is intended for a limited audience.

A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating.

SOC 1 Type 2 could also be considered as related to risk management and security controls.

You can read more about SOC on this post.


STAR (Security, Trust, Assurance and Risk) certification may be achieved by organizations offering cloud services.
STAR certification is managed by Cloud Security Alliance (CSA).


Payment Card Industry Data Security Standard (PCI DSS) applies whenever transaction with card payment applies.

PCI DSS can be audited. 


SWIFT (Society for Worldwide Interbank Financial Telecommunication) can be audited.


ANSI/TIA-942, sometimes referred as TIA-942, is a Telecommunications Standard for data centers.

The standard is defined by the American organization Telecommunications Industry Association (ITA).

Accredited organizations can provide certifications for this standard.

You can find more information on this external link.

Uptime Institute’s Tier

Uptime Institute issues a Tier Certification for data centers.

You can find more information on this external link.

EU Cybersecurity Certifications (EU)

As of 2022, EU Cybersecurity Certifications are not yet available.

There are three EU Cybersecurity Certifications planned:

  • Europen Union Common Criteria (EUCC)
  • European Union Cloud Services (EUCS)
  • European Union 5G (EU5G)

You can find more information about EU Cybersecurity Certifications on this external link.


Esquema Nacional de Seguridad (ENS) is a very specific certification for organizations of Spain. It is required by any organization that belong to Spain Public Administration or private organizations providing a service to them.

You can read more about ENS on this post.

Cyber Essentials (UK)

Cyber Essentials is a UK Government-backed, industry-supported certification scheme introduced in the UK to help organizations demonstrate operational security against common cyber-attacks.

There are two levels of Cyber Essentials certification:

  1. Cyber Essentials
  2. Cyber Essentials Plus

If your organization wants to work with a British public organization, you may need to obtain Cyber Essentials.

You can find more information about Cyber Essentials Plus on this external link.

You might also be interested in…

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *