© Scott S. Perry, CPA, PLLC.

[Diagram: ISO/IEC 27001 management certification process. Stages shown: Pre-Audit (optional), Stage 1 Audit, Stage 2 Audit, Year 2 Audit (surveillance), Year 3 Audit (surveillance).]

BENEFITS OF ISO/IEC 27001 CERTIFICATION TO YOUR ORGANIZATION:
• Provides senior management involved in information security with an efficient management process
• Provides you with a competitive advantage through customer trust and market share
• Reduces costs by minimizing incidents and threats
• Demonstrates compliance with customer, regulatory and/or other requirements
• Sets out areas of responsibility across the organization
• Communicates a positive message to staff, customers, suppliers and stakeholders
• Integrates information security with business operations
• Aligns information security with the organization's objectives
• Seizes opportunities to deliver true value through enhanced marketing

BENEFITS OF ISO/IEC 27001 CERTIFICATION TO YOUR CUSTOMERS:
• Keeps intellectual property and valuable information secure
• Provides customers and stakeholders with confidence in how you manage risk related to information security
• Secures the exchange of information
• Ensures that you are meeting your legal obligations
• Manages and minimizes risk exposure
• Saves the cost of rework, damages and waste

ISO/IEC 27001 certification (also known as "registration") is granted by a third party, such as PECB, upon verifying through an audit that the organization complies with the requirements of the ISO/IEC 27001 standard. The certification is then maintained through scheduled annual surveillance audits by the registrar, with re-certification of the information security management system performed on a triennial basis.
• Step 1. Pre-Audit (Optional) - Must be done at least 3 months before the Certification Audit
• Step 2. Audit Plan - The plan for the audit has to be mutually agreed
• Step 3. Audit Stage 1 & 2 - Non-conformities must be closed at least 3 months after the audit conclusions
• Step 4. Initial Certification - The certificate will be issued within 2 weeks after successful audit closing
 
Once certification has been obtained, the organization is subject to two surveillance audits within 24 months of the initial certification:
• Surveillance Audit Stage 1 - No later than 12 months after the initial certification audit
• Surveillance Audit Stage 2 - No later than 12 months after the 1st surveillance audit