ISO/IEC 27001 Certification
The ISO 27001 certification process can be intimidating. Our expertise is in getting you fully prepared for your ISO 27001 certification, but the process doesn’t end there: we can also provide support throughout the remaining steps required to be certified.
|Steps for Getting Certified|PPS Support (if required)|
|---|---|
|Preparation for ISO 27001 Certification|Pivot Point Security’s ISO 27001 certification consulting services have positioned dozens of our clients for successful certification.|
|Registrar Selection|An ISO registrar will conduct the required information security audits and issue your ISO 27001 certification. Selecting the right registrar can reduce your costs and/or increase the likelihood of certification success. PPS works with you to select the best registrars, fills out the required questionnaires, and assists in the registrar selection process.|
|Preliminary Screening|Most registrars will perform a quick review of the documented ISMS to determine whether it meets the requirements of the standard, prior to scheduling the formal certification audit. This is done to ensure that neither your nor their time/money is wasted on a formal audit if the ISMS is not ready. PivotPoint’s proven ISO/IEC 27001 consulting process generates the necessary artifacts to ensure your readiness for the certification audit.|
|Stage 1 ISO 27001 Certification Audit|During Stage 1 of the certification audit (also commonly referred to as the table top audit) an extensive review of the ISMS documentation is conducted. This process generally extends over 2–3 days, with the outcome being a report on preliminary “failures” (referred to as either major or minor non-conformities). If the ISMS documentation fails to meet the required standard, the registrar will require corrective action (or corrective action plans) before proceeding to Stage 2. PPS often provides on-site Stage 1 Certification Audit Support. That is, we are at the table, as a member of your team, working with you and on your behalf. The advantage of this approach is that having an ISMS expert there to explain subtleties of your ISMS reduces the likelihood that an auditor will issue a non-conformity. If the registrar is considering issuing a non-conformity, it is often possible to update the ISMS documentation during the Stage 1 audit to prevent a non-conformity.|
|Stage 2 ISO 27001 Certification Audit|During Stage 2 of the certification audit (commonly referred to as the compliance audit) the registrar will examine evidence that the ISMS is operating effectively, consistently, and in compliance with the organization’s documented ISMS (which has already been validated to meet the requirements of ISO 27001 during Stage 1). PPS often provides on-site Stage 2 Certification Support. We are present at the different sites/locations that the auditor samples, as a member of your team, working with you and on your behalf. Having an ISMS expert on hand to explain the evidence (or “appropriate” lack thereof) reduces the likelihood that an auditor will issue a non-conformity.|