ISO 27001 Certification
The security of information is vital to both your customers and your business. To ensure information security is properly managed and maintained, your organization may choose to become ISO 27001 certified.
The ISO 27001 standard, created by the International Organization for Standardization (ISO), is intended to provide a universal methodology for the implementation, management, and maintenance of information security within an organization.
An ISO 27001 certification demonstrates conformity of your Information Security Management System (“ISMS”) with the documented standards and is typically used by organizations that want to demonstrate the maturity of their information security environment, meet contractual obligations, or differentiate themselves from their competition.
As an ANSI-ASQ National Accreditation Board (“ANAB”) accredited certification body, A-lign is one of a limited number of companies that can issue an accredited ISO 27001 certification in the U.S.
The ISO 27001 pre-assessment is designed for companies that will undergo the certification process for the first time and is only performed on an as-needed basis upon request.
During the pre-assessment, A-lign simulates the actual certification audit by performing a review of your organization’s scope, policies, procedures, and processes to identify any gaps that may need remediation before your organization is able to achieve certification.
By performing the pre-assessment, your organization is able to identify areas of non-conformity prior to the certification cycle. This reduces the time it takes to move through the certification process and prepares you for an efficient audit.
Stage 1 Audit
This is the first step towards certification and will determine if the required documentation, including policies and procedures, is in place to support your ISMS. As part of the Stage 1 audit, A-lign reviews your documentation to confirm that it is in compliance with the requirements of ISO 27001.
The conclusion of the Stage 1 audit will determine whether your organization is ready to move forward to Stage 2 or if modifications are required to your policies, procedures, and supporting documentation before proceeding.
In the event non-conformities are identified during the Stage 1 audit, you will have the opportunity to modify your documentation to address the issues identified. Once all non-conformities are addressed, A-lign will move to the Stage 2 audit.
Stage 2 Audit
The Stage 2 audit is performed to test the conformance of the ISMS with ISO 27001 and your internal policies and procedures. To ensure an efficient audit process, A-lign begins each audit with detailed planning that includes providing a project plan, information request list and interview schedule so your team is prepared for our arrival on-site.
During A-lign’s on-site audit, we will perform testing procedures including interviews, inspection of documented evidence and observation of your processes. If non-compliant items are identified, A-lign will notify the project sponsor so your team is kept up to date.
Upon completion of the Stage 2 audit, A-lign will provide you with an audit report that includes non-conformities identified during testing. Once the non-conformities are addressed, and evidence is provided to A-lign, we will make a decision to certify your company as ISO 27001 compliant.
As part of the certification process, A-lign will provide a seal and certificate that can be displayed on your website to showcase your ISO 27001 certification.
To ensure ongoing conformity of your ISMS with ISO 27001, surveillance audits will be performed for two years following the certification (certifications are valid for 3 years). The scope of the surveillance audits is limited and includes a sample of locations and controls included in the ISMS. As with the Stage 2 audit, the surveillance audits are planned and executed using our defined audit methodology that improves the overall efficiency of the project.
A-lign professionals are experienced in establishing, maintaining and auditing ISO 27001 programs, which adds to the efficiency of the audit.
Upon request, we will provide information regarding our audit processes and certification processes for granting, maintaining, extending, renewing, reducing, suspending or withdrawing certification, as well as information about the certification activities, types of management systems and geographical areas in which we operate and/or the validity of any given certification.
Email requests can be made by selecting the appropriate link from the specified departments below:
- Audit Program and Process Documentation
- Certifications Granted/Suspended/Withdrawn
- Appeals and Complaints Process
- ISO Certified Organizations
Please call 1-888-702-5446 for further information, or contact us here.