Audit Process

A-LIGN has developed an audit methodology for conducting ISO 27001 certification audits that is in conformity with ISO 17021:2015 and ISO 27006:2015. The methodology addresses the steps of the certification cycle including Stage 1, Stage 2, Certification Decision, as well as the ongoing Surveillance and Special audits that are required.

We communicate the audit expectations, timing, and deliverables to our clients through the audit planning documentation, kick-off/closing meetings and regular status meetings. A-LIGN’s standard methodology ensures all certification audits follow the defined process.

Certificate Decisions

As your certification body for ISO 27001, we have developed criteria for all certification decisions including granting, refusing, maintaining, renewing, suspending, restoring and withdrawing the certificate. These processes follow the requirements defined in ISO 17021:2015 and ISO 27006:2015.
Prior to finalizing any decision related to ISO 27001, A-LIGN communicates with our clients through the engagement team. All decisions related to the ISO 27001 certificate follow our documented methodology and are approved by A-LIGN’s senior leadership.

A-LIGN’s Name and Logo

As an accredited certification body A-LIGN has developed a trademarked logo that demonstrates our certified clients’ conformance with ISO 27001. The rules associated with the use of our name and logo in regards to ISO 27001 certifications are documented in the terms and conditions of our contract and again upon successful certification for our clients. A-LIGN monitors the use of its name and logo to ensure compliance with our contractual agreement and ISO 17021:2015 and ISO 27006:2015.

Appeals and Complaints

A-LIGN’s audit team strives to clearly communicate the justification for their decisions related to the certification activities. When a situation arises where the client does not agree with the audit team they may appeal the decision to A-LIGN’s leadership. A point of contact is assigned to research the appeal who is separate from the audit team. A-LIGN’s leadership will review the results of the research and communicate the decision to the client. Appeals may be generated directly with the client’s audit team or by emailing ISO27001@a-lign.com.

Complaints filed against A-LIGN or our certified clients are received, handled and resolved in accordance with ISO 17021:2015 and ISO 27006:2015. A-LIGN has developed a process managed by a team independent of our audit team to document and track the complaint. The complaint will be investigated and resolved in accordance with our documented policies. The complaint initiator will be kept informed through the process and of the complaint resolution. Complaints may be filed by emailing ISO27001@a-lign.com.

Information Requests

Inquiries may be submitted directly to A-LIGN, including areas where we operate, certificate status and information for our certified clients by emailing ISO27001@a-lign.com.