May 2010 – Decision of the Management Team to pursue certification of the implementation- and support organization of Comsenso against the ISO-27001 standard

June/July 2010 – Proposals from several external auditors

August 2010 – Decision to grant Det Norske Veritas the assignment to act as our external auditor

August 2010 – Determination of the Scope and Statement of Applicability of our ISMS (Information Security Management System)

September/October 2010 – Repetition of the initial Risk Assessment, adapting our existing procedures and policies to the standard and refining the ISMS and accompanying policies, procedures and workinstructions

November 2010 – Pre-audit of ISMS documentation structure by DNV has taken place on November 23rd

December 2010 – The pre-audit resulted in 2 remarks. The first ISMS audit will be held during the first week of January

January 2011 – The audit took place with good results. The recommendations for improvement following the Plan-Do-Check-Act cycle need to be addressed before the next regular audit in a year from now. Now waiting for the paperwork to get finalized before the certificate will be issued.

March 2011 – The certificate was formally issued on March 18th. You can view DNV’s register of ISO-27001 certificates here.

Januari 2012 – First periodic (yearly) audit by DNV. Waiting for the LOF and reconfirmation of our ISO-27001 status.