Schellman commences all of its assessments by scheduling a kickoff conference call and providing the client with the following planning documents:
Schellman will provide the client with access to a secure online collaboration tool where all audit evidence can be deposited. The project team will be available to the client should any technical personnel have questions related to the audit evidence required.
Stage 1 Review
The Stage 1 review, as defined by ISO 27001, includes the onsite review of the ISMS including documentation reviews and interviews of key employees. At the conclusion of the Stage 1 review, a findings document will be issued highlighting any deficiencies identified by Schellman and for each finding, a separate nonconformity report will be issued. In addition, a formal Stage 1 report will be issued to the client, noting activities performed, results of the testing, as well as project next steps.
Stage 2 Review
Generally speaking, and assuming all applicable requirements have been met, the second stage of this assessment culminates in the formal certification per the standard.
The Stage 2 review assesses the client’s implementation of its ISMS. It includes the review and re-assessment of any non-conformity identified in the Stage 1 review as well as testing of the in-scope controls from Annex A per the client’s statement of applicability. At the conclusion of the Stage 2 review, a findings document will be issued highlighting any deficiencies identified by Schellman and for each finding, a separate nonconformity report will be issued. In addition, a formal Stage 2 report will be issued to the client, noting activities performed, results of the testing, as well as a recommendation to issue or delay the formal certificate.
Once the recommendation is made to issue the certificate and that recommendation is accepted by the certification decision maker, the certificate and seal are issued to the client.
As identified above, each step will have its appropriate reporting and deliverables which are listed in the following section.
Every Schellman project utilizes a consistent project closure process that includes a closing meeting. In this meeting, any remaining items related to the project are identified and action items assigned. In addition, Schellman will provide additional observations to the client that may assist them in future years’ audits. These observations are not included in any formal report and are for the client’s use only as a value-add.
ISO 27001 certification is good for three years. In years 2 and 3, there is an onsite surveillance audit which includes a brief onsite review to confirm that the ISMS remains to be in conformance with the requirements as well as with the internal policies and procedures.
Schellman provides audit and certification services in full accordance with all relevant standards. Our audit and certification process is provided to prospective clients and addresses each major stage of the audit and certification processes. Prospective clients are also informed of their rights and obligations when applying for certification of a management system and following certification of a management system.
The process for granting, refusing, maintaining, renewing, suspending, restoring or withdrawing certification or expanding or reducing the scope of certification is the same for all certification services – ISO 27001, ISO 9001, ISO 20000, and ISO 22301. Each audit culminates with a report and supporting evidence which is provided to our decision maker that is responsible for determining the action pertaining to the certification (i.e. granting, refusing, maintaining, renewing, etc.). A certification will not be acted upon until the decision has been made by the certification decision maker. Once the decision has been formalized, the proper and corresponding action will be taken by the audit team in communication to the client.
The scope, timing and deliverables of our services, as well as the rights and obligations of both parties are documented in a fully executed agreement between Schellman and a client prior to the commencement of any audit or certification services.
Discover how the Schellman & Company Advantage can help you. Fill out the form below.