Banner

You are here

 Home   Certificate of Conformity to PN   Certification process   ISMS   Certificate of use

Certificate of use

Printer-friendly versionPDF version

Certificate of use of Information Security Management System (ISMS) - compliance with the Polish Standard PN-ISO/IEC 27001

Parties interested in cooperation with Polish Committee for Standardization should meet the provisions of the ordinance of the President of PKN No 12 of 29 March 2010.

  1. Polish Committee for Standardization- implementing rules for the information security policy in PKN, according to the provision of the ordinance of the President of PKN No 10 on 11 March 2009 and with a view in particular:
  • needs to protect information and to ensure its security in the PKN,
  • needs and expectations of the stakeholders in the field of standardization,
  • obligation to supervise by PKN activities related to the exchange of standardization documents while ensuring the highest level of information security,
  • services in terms of it security in all areas of safety management,
  • co-operates with organizations which have implemented Information Security Management System under requirements of PN-ISO/IEC 27001.Fulfilment of these requirements must be confirmed by relevant certificate of ISMS or ISMS certificate of use issued by PKN.
  1. Polish Committee for Standardization has information security management system experts. PKN experts have competences to provide advanced services in the field of information security basedon standards:
  • PN-ISO/IEC 27001:2007Information technology - Security techniques - Information security management systems - Requirements
  • PN-ISO/IEC 17799:2007Information technology - Security techniques - Code of practice for information securitymanagement
  • PN-ISO/IEC 27005:2010Information technology - Security techniques - Information security risk management
  • PN-ISO/IEC 27006:2009 Information technology - Safety technology - Requirements for bodies operating certification of management systems, audit and information security
  • PN-I-13335-1:1999 Information technology - Information guidelines for the management of the security of information systems - Concepts and models of security of information systems

The competence of the above PKN experts/specialists are confirmed by certificates of "Information Security Manager" and "Information Security Auditor".

  1. Applying forISMS certificate of use by the organizations and issuing the certificate by PKN specifies Ordinance of the President of PKN No 12 of 29 March 2010 on auditing by Polish Committee for Standardization (as the second party), of information security  management system of organization (as the first party) according to PN-ISO/IEC 27001 and on issuing by PKN of ISMS certificates of use.
  2. A PKN proceedings (as a second party) are described in the Auditing instructions and issuing of ISMS Certificate of use (annex 1 to the Decree PKN 12/2010).

The instructions provide a uniform rules for PKN in conducting the auditing process and include requirements for organization interested in cooperation with PKN.

  1. All interested in the ISMS certificate of use issues by PKN are request to fulfill application form which should be signed by authorized representative of the organization and sent to PKN(with the necessary information).After PKN positive verification of the application parties shall sign contract for the performance by PKN as the secend party of ISMS audit and issuance of an ISMS certificate of use.
  1. Parties (PKN / the organization as above) also should sign agreement on the supervision of the ISMS certificate of use  - it is obligatory condition for organization. Organizations have to have ISMS under PKN surveillance to assure continuity of complying adequate requirements. Surveillance audits conducted by PKN are carried out according to the rules laiddown in the agreementbetween PKN and the organization. Then PKN can issue certificate of use of ISMS.
  1. Cost for organization depends on an individual situation of the organization and on the request of the interested organization PKN inform about cost for period of 5 years, taking into account the necessary input data.

Details of the requirements are contained in the annexes to Regulation No 12 of 2010:
Annex 1: Auditing instruction 

Annex 2: Template of ISMS certificate of use

Annex 3: Template of the application form

Annex 4: Template of contract between PKN (as second party) and interested organization (as a first party) on auditing of ISMS on conformity to the requirements of PN-ISO/IEC 27001 and on issuing by PKN ISMS certificate of use

Annex 5: Template of contract for surveillance of issued by PKN ISMS certificate of use


In order to obtain any additional information and clarification - please contact with Certification Departmentof the Polish Committee for Standardization.