Skip main navigation
You are at: Home>Certification>Information Technologies (ICT) Certification>Information Security ISO 27001
Information Security Management ISO 27001
Information Security Management ISO 27001

Information Security Management ISO 27001

​​​​​​​​​​​​​​​​​​​​​​​​​​​The key security component for your information system

Information is one of the most important assets in an organisation. Defending this asset is essential in order to ensure that the business is able to continue and develop; it is also a legal requirement (protecting intellectual property, protecting personal data, information society services) and enables customers and/or users to feel more confident.

The greater the value of the information, the greater the risks associated with its loss or deterioration, improper or malicious use.

Information Security Management Systems (ISMS) are the most efficient way to minimise risks, ensuring that the business processes and/or IT services, assets and risks are identified and evaluated, considering the impact for the organisations, and that the most effective controls and procedures are adopted in line with the business strategy.

Effective management of information security guarantees:

  • their confidentiality, ensuring that only authorised people can access information,
  • their integrity, ensuring that the information and their processing methods are accurate and complete, and
  • their availability, ensuring that authorised users have access to information and associated assets when needed.

AENOR's certification of the Information Security Management System, in accordance with UNE-ISO/IEC 27001:2014, contributes to promoting activities to protect information in organisations, improving their image and generating confidence among third parties.

Furthermore, Spanish companies' interest in this certification has placed us in the top ten worldwide in terms of the number of SGSI certificates issued, and means that AENOR is the leader in this certification.

Information Security Management Systems are part of the PDCA cycle of ongoing improvement, as are all other ISO Management Systems. This makes it possible to integrate ISMS with any other management system.

The conduct of comprehensive audits optimises internal processes and, as a result, reduces auditing time. This approach is particularly suitable for  ISO 9001 and ISO 20000  ) and National Security Scheme (Royal Decree 3 /2010)​​

When the auditing process has been satisfactorily completed, if the system being used complies with the requirements of the UNE-ISO/IEC 27001 Information Technologies standard, Security techniques. Information Security Management System (ISMS). the organisation obtains:

  • the AENOR Certificate for Information Security Management Systems
  • A license to use the AENOR Information Security mark
  • The IQNet Certificate, passport for international access of its certification. With it, its AENOR certificate will be recognised by leading certification entities all over the world.
  • The user licence for the IQNet mark.

Furthermore, organisations with management systems certified by AENOR have free access to the AENORnet and a subscription to the AENOR monthly magazine.​​

AENOR Mark of Information Security UNE-ISO/IEC 27001

AENOR Information Security Mark
UNE-ISO/IEC 2​7001​ 

IQNet Mark MANAGEMENT SYSTEM

IQNet Mark
MANAGEMENT SYSTEM



AENOR is the indisputable leader in information security certification in Spain, making a major contribution to Spain's position in the world's top ten.

Over 500 ISMS certificates have been issued by AENOR. Certified organisations include public administrations and numerous organisations from all types of industries (health, technology, telecommunications, insurance, banking, services, law offices, construction and transport firms, etc.). For example CEPSA, INDRA, IECISA, KIONETWORKS, MINISTERIO DE SANIDAD [Ministry of Health], Organismos pagadores de España [Spanish payment agencies], ATENTO-ContactUS (USA), INFONAVIT (Mexico), COMISIÓN NACIONAL DE FIANZAS Y SEGUROS [National Commission of Finance and Insurance] (Mexico), TELEFONICA PERU (Peru), BANCO CENTRAL DE CHILE [National Bank of Chile] (Chile), BANCARIBE (Curaçao), etc​.