Certification to ISO/IEC 27001

Cyber security is critical to business and involves the protection of IT systems and data from cyber threats. ISO/IEC 27001 concentrates on the information management system and enables organisations to put in place the right people, processes, procedures and technology. Certification is a sound choice for any organisation that wants to invest effort in information security, and especially for those wanting to prove to third parties that they are operating according to good security standards.

The certification process starts after we have received an application. The actual certification happens in two stages. First, we review the organisation's readiness to comply with the ISO/IEC 27001 standards. Then we assess the implementation to make sure the organisation is operating as required for certification. When an organisation has passed the formal assessment, it will receive an ISO/IEC 27001 certificate, which is valid for three years. During this period, we will conduct annual assessments that are similar to the first audit.
We also offer an ISO 27001 pre-assessment, which is lighter than the formal audit. It allows the organisation to evaluate its readiness to comply with the standards. The pre-assessment will bring nonconformities to light, giving the organisation enough time to address them before starting the formal certification audit.
In addition, we offer the opportunity to combine assessments and conduct an audit for ISO/IEC 27001 and other auditing criteria, such as VAHTI, Katakri and PCI, at the same time.

Certification services

Together, Nixu Corporation and its independent subsidiary Nixu Certification Ltd. provide a wide variety of information security auditing services.


Helping you meet the Finnish National security audit criteria.

PCI Onsite Assessment

The official PCI DSS assessment service since 2006.