Step 2 to Certification

Once you’ve agreed to our proposal, we will contact you to book your assessment with an Assessor. This assessment consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been fully operational for a minimum of three months and has been subject to a management review and full cycle of internal audits.

The purpose of this assessment is to confirm that the management system fully conforms to the requirements of the chosen standard in practice. If you undertake site work, or have more than one location that you want within the scope of your certification then your assessor will also need to audit these activities / locations.

During the stage 2 assessment, your assessor will:

  • document how the system complies with the standard by using objective evidence
  • undertake sample audits of the processes and activities defined in the scope of certification
  • visit any remote locations, additional sites or remote activities to evaluate the effectiveness of the management system off site
  • report any non-conformities or opportunities for improvement
  • produce a surveillance plan and agree a date for the first annual surveillance visit

If the assessor identifies any major non-conformances, certification cannot be issued until corrective action is taken and verified. Accreditation requirements stipulate that if this is not completed within 6 months, then certification cannot be recommended without a further stage 2 assessment.

Specifically for ISMS this requirement extends to any nonconformity regarding the internal audit or management review processes. Certification may not be issued for ISO 27001 until there is sufficient evidence to demonstrate that arrangements for management reviews and internal ISMS audits have been implemented, are effective and will be maintained.

%d bloggers like this: