Understanding the Certification Process
ISO/IEC 27001 certification (also known as “registration”) is granted by a third party, such as PECB, after an audit verifies that the organization complies with the requirements of the ISO/IEC 27001 standard. The certification is then maintained through scheduled annual surveillance audits by the registrar, with re-certification of the Information Security Management System performed on a triannual (three-year) cycle.
- Step 1. Pre-Audit (Optional) – Must be done at least 3 months before the Certification Audit
- Step 2. Audit Plan – The plan for the audit has to be mutually agreed
- Step 3. Audit Stage 1 & 2 – Non-conformities must be closed at least 3 months after the audit conclusions
- Step 4. Initial Certification – The certificate will be issued within 2 weeks after successful audit closing
Once certification has been obtained, the organization will be subject to two surveillance audits within 24 months of the initial certification:
- 1st Surveillance Audit – No longer than 12 months from the initial certification audit
- 2nd Surveillance Audit – No longer than 12 months from the 1st surveillance audit
For more, please see the document below, Understanding the Certification Process, or visit www.pecb.com/management-systems.
If your company is interested in obtaining ISO/IEC 27001 certification, Apply here.