ISO 27001 Certification Audit & Risk Assessment Services
If ISO 27001 compliance and certification is vital to your business’ future success, you can trust Linford & Company LLP to assist you on your compliance journey with our organized, clear, repeatable processes and expectations all based on the guidance of the standard.
"*" indicates required fields
The International Standards Organization (ISO) is a non-governmental, independent global organization. One of ISO’s main objectives is to unite experts to exchange knowledge, aiming to develop pertinent international standards that drive process innovation and offer solutions to security challenges across various industries worldwide.
What is ISO/IEC Standard 27001:2022?
ISO/IEC 27001 specifies the requirements to establish, implement, maintain, and continuously improve an organization’s Information Security Management System (ISMS). It is a globally recognized standard that distinguishes an organization by demonstrating compliance with industry standards and a commitment to information security. The 27001 standard outlines requirements for businesses to establish and manage an Information Security Management System (ISMS).
ISO 27002 offers control objectives for information security that are often utilized as a backbone of an ISMS. Note that in October 2022, ISO/IEC 27001:2022 “Information security, cybersecurity and privacy protection – Information security management systems – Requirements” was released. The updated requirement document will replace ISO 27001:2013 over a three-year transition timeframe. ISO mandates that organizations seeking to maintain their ISO 27001 certification must transition to the 2022 revision of the standard by the end of the transition period in October 2025.
What is ISO 27001:2022 Certification?
Obtaining ISO 27001 certification serves as a differentiator for an organization. Having this certification is affirming to the Company’s suppliers, clients, and stakeholders that their business takes information security management seriously. ISO 27001 compliance certification is based on the satisfactory completion of an assessment. The assessment is based on assessment procedures detailed in ISO 27001:2022 and states that the ISMS is in line with Clause 4.4 of the standard and they have demonstrated compliance to an external auditor/ independent ISO certification body.
Certification demonstrates an organizations’ commitment to continual improvement, development, and protection of information assets/sensitive data by implementing appropriate risk assessments, policies and controls.
What is the cost of an ISO 27001 Certification Assessment?
The cost of an ISO 27001 certification audit varies based on several factors that affect the overall fees. These factors encompass the scope of the ISMS, the services offered by the organization, the number of physical and virtual locations to be audited, the organization’s size, and the number of subservice organizations involved, along with other relevant data identified. We focus on delivering an accurate, detailed, and dependable quote before starting the audit engagement.
How can an organization achieve ISO 27001 certification?
The certification processes conducted for the ISO 27001 Information Management System (ISMS) are well-defined and consistently repeatable.
The activities include the following steps:
- Step One: Complete the application process with Linford & Company.
- Step Two: Engage in pre-certification activities to assess the start date of the initial audit.
- Step Three: Begin the Initial Audit – Stage One and complete interviews and evidence collection.
- Step Four: Begin the Initial Audit – Stage Two and complete follow up from Stage One (as applicable) and Effectiveness Testing.
- Step Five: Obtain Year 1 of the 3 year ISO 27001 compliance certification.
- Step Six: Continued Improvement and Surveillance Audits Annually for Years 2 and 3.
Initial & Continuing Certification Activity Details
The following steps include the typical certification activities that Linford & Company adheres to, based on the required steps communicated in ISO guidance.
Initial Certification Activity
The application and pre-certification processes at Linford and Company are streamlined and efficient. Interested ISO applicants enter their Company applicant details into the “Request an ISO Certification Assessment“ form at the top of this services webpage. Applicants will then be contacted and provided with an application to gather additional scope consideration information that will be used to determine technology expertise, staffing requirements, and level of effort including auditor hours, and other scoping details. The applicant provides the requested details and returns the application to either isocompliance@linfordco.com or their primary contact at Linford & Company. Client acceptance activities will be performed along with impartiality considerations, and as appropriate based on the results of the client acceptance procedures, the applicant will enter into an executed certification agreement with Linford & Company.
Linford & Company will request artifacts and determine with the client that the initial audit is ready to commence.
Before the initial audit, the audit plan will be communicated to the client, and the audit dates will be agreed upon in advance. The audit program for the initial certification includes a two-stage initial audit.
Stage 1 Audit
An evaluation over the design of the ISMS is performed in Stage 1. Linford & Company will audit the ISMS documentation that supports the design of the ISMS. As part of this audit, inquiries will be made and documents supporting the ISMS scope—including personnel, services/products, and sites within the scope—will be reviewed and evaluated. During the evaluation of the ISMS scope, Linford & Company will request and verify that the organization has completed an internal audit, performs regular management reviews, and has performed an acceptable risk assessment that includes risk treatment. With all of this information evaluated, Linford and Company will determine the organization’s understanding of the standard, and whether its scope and resources included appear appropriate. At the conclusion of stage 1, it will be determined whether the client is prepared to move to stage 2.
Stage 2 Audit
The goal of stage 2 is to assess the implementation and operational effectiveness of the client’s management system. Linford & Company mandates that the stage 2 audit be conducted either at the client’s site(s) or through virtual meetings that provide evidence of the client’s desktop and cloud environments. At the conclusion of Stage 2, Linford & Company will determine if it will issue certification to the client based on the results of the Stage 1 and Stage 2 procedures.
When all certification steps are completed, Linford & Company will grant certification in the form of a certificate to the client. The initial three-year certification cycle starting date will be on or reasonably timed after the date of the certification decision.
If it is determined that the client does not meet the standards necessary for certification, then a certification refusal will be communicated to the client with sufficient details as to the rationale behind the decision.
Continuing Certification Activity
Surveillance Audits: In order to continue to hold the certification, continuing certification activity will need to take place. This is carried out through surveillance audits. Linford & Company will conduct surveillance audits at least once annually, except during recertification years. The first surveillance audit after initial certification must occur within 12 months of the documented certification cycle starting date.
Process to Maintain Certification: Along with the continuing certification activity of the surveillance audits, the expectation is that the client will continue to operate its controls and processes in the manner understood during the initial examination procedures. Linford & Company will enable the client to retain certification by demonstrating ongoing compliance with the management system standard requirements.
Refer to the attached PDF here for more information on the topics mentioned above, as well as details on the following:
- Procedures for Modifying the Scope of Certification
- Process for Renewing and Recertification
- Process for Restoring Certification
- Process for Withdrawing of Certification
- Complaints Process
- Appeals Process
- Process for Handling Information Requests
- ISO Interested Parties and Impartiality Policies
"*" indicates required fields
Big 4 IT Auditors
Our seasoned auditors streamline the intricate ISO requirements and provide comprehensive assessments efficiently.
Our
Partners
Our
Partners
Why Choose Linford & Company LLP?
Achieve ISO Certification
Demonstrate ISO compliance and achieve certification by partnering with a certifying body that employs only experienced auditors with experience in ISO certifications.
Flexible and Tailored Approach
Linford & Company tailors the audit process to meet the needs of our clients, and we leverage our own tools or our client’s chosen GRC platform to perform assessments.
Support from Experts
Our auditors have worked with dozens of clients to help them navigate the complexities of assessments based on ISO requirements.
Ready for an ISO Certification Assessment?
Looking to get ISO certified? Complete the form above, and we'll connect you with one of our expert auditors. We keep your contact information private and use it solely to communicate with you regarding your ISO audit. We do not sell or share your details with third parties.
"*" indicates required fields