Testing and certification of software solutions
Software for supporting information security management systems (ISMS tools)
Information is indispensable for companies. Therefore, companies frequently certify their information security management system (ISMS) as per ISO/IEC 27001. But the ready-made software solutions that support the setup, operation, documentation and improvement of such management systems (so-called ISMS tools) should also be certified, because companies cannot always assess their effectiveness and efficiency.
TÜViT tests these software solutions by means of a standardized test procedure. If the software completely, correctly and functionally covers ISO 27001, effectively supports the ISMS in all phases, allows the administration of the ISMS-relevant documentation and corresponds to the current state of the art, it can be awarded the Trusted Product ISO 27001 Tool certificate. For the manufacturers of ISMS tools, certification of the effectiveness and trustworthiness of their software solution means a decisive competitive advantage.
Our services in detail:
- Check to ensure that the manufacturer's software requirements agree with the requirements of ISO/IEC 27001
- Check of the implementation of the manufacturer's requirements within the software solution
- Check of the software results (e.g. explanation of usability) against the formal requirements of ISO/IEC 27001
- Check of the software development process and the usability of the software
- Other checks depending on the complexity of the software
Our procedure:
- Workshop for determining the scope of the software check
- Preliminary on-site check of software and documentation
- Check of the software on-site and off-site
- Certification of the inspected software version after the inspection has concluded with a positive outcome

