- What type of assurance report is suitable to meet the information security requirements for accreditation?
- Is ISO 27001 certification sufficient to fulfil the information security requirement for accreditation?
- Accreditation requirements surrounding information security and assurance reports, including the evidence to be provided, are set out in our Supplementary Accreditation Guidelines: Information Security.
- Where an applicant has an ISO 27001 certification, the applicant may seek to rely on this certification as partial evidence to demonstrate that it satisfies the information security obligation. The Data Recipient Accreditor will accept, as part of an accreditation application, a current ISO 27001 certification together with an additional scope assurance report. More information on our approach to recognising ISO 27001 certification in the context of information security requirements can be found in our Supplementary Accreditation Guidelines: Information Security.