Security Operation Management System certification is granted by certification bodies (CBs) to organizations whose security management systems meet the requirements of the ISO 18788 standard. ISO 18788 specifies the key elements of a security management system that an organization must implement to become certified under the standard. To achieve certification, an organization must establish a security policy, communicate it effectively to all employees, and ensure it addresses potential security risks and threats.

The organization must define security objectives and targets aimed at improving security performance and reducing risks. These objectives and targets should be measurable and closely monitored to support continual improvement. In addition, the organization must demonstrate compliance with relevant security regulations and legal requirements.

Conformity Assessment Bodies seeking accreditation for ISO 18788 must comply with ISO/IEC 17021-1 and other specific international standards as outlined in the Specific Requirements for Accreditation for Security Management Systems (SMS).