The core attributes of our approach are effectiveness and efficiency in performing the certification procedures. This requires effective planning and open communication with your organization throughout the entire engagement, particularly during the audit and reporting phases.
Our mission is to efficiently perform the certification procedures whilst minimizing the disruption of your operational processes. In our approach, the certification process consists of five phases resulting in the ISO 27001 or ISO 9001 certification for your organization.
Scoping & pre-audit
The scope for the audit will be prepared based on the risk assessment, the prepared management policies and discussions. Applicable documentation for the final audit will be requested from relevant employees within the organization and audit files are prepared.
Planning & preparation
The audit planning and interviews with employees are discussed during the planning phase. Based on the planning, an audit plan is prepared, including a timeline and specific milestones. This audit plan is discussed with and approved by management.
Fieldwork consists of gathering all necessary evidence based on the audit plan. Based on the gathered evidence, a documentation review is performed. Furthermore, the management system is reviewed and observed by interviewing key personnel.
Based on the audit procedures an extensive analysis is performed in order to determine the operating effectiveness of the implemented management system. Additional audit procedures will be performed if necessary based on identified gaps.
During the reporting phase, a management letter will be prepared, including the nature, timing and scope of the audit, the audit results, conclusion and recommendations. In case of a certification or recertification, the ISO certificate will be issued if the audit has been performed successfully.