After you are done implementing Instant 27001, you are ready for certification by an accredited certification body.

On the website of the International Accreditation Forum you can find your local accreditation body, which, in turn, should publish a list of accredited certification bodies (registrars).

The certification body will set you up with an auditor or audit team and plan the audit days. An initial certification audit consists of two parts, conveniently named stage 1 and stage 2.

Stage 1

Also dubbed the documentation review, stage 1 is where the auditor takes a look at the documentation (risk analysis, policies and procedures) to estimate whether you are ready to undergo the second part.

Stage 2

This part is sometimes called an implementation audit, since it consists of a series of interviews with representatives of the different departments (management, HR, IT, developers, operations, …) to make sure they understand their responsibilities when it comes to information security.

The duration of the certification audit depends on the size of your organization.

Selecting an audit bureau

Since Instant 27001 can speed up the audit process, some certification bodies are offering a discount on the number of audit days.

