    A PATHWAY TO SUCCESS

    OUR ISO PROCESS

    Our process is unlike any other. When you choose Schellman for your compliance, you’ll receive a team of experts solely dedicated to your needs. We never miss a deadline and we complete our process efficiently with unmatched quality.

    The Schellman methodology was developed with a focus on the end goal. Schellman understands what security and compliance teams need to see in a deliverable and has built the framework to ensure those goals and objectives are met.

    1. Project Initiation

    Schellman commences all of its assessments by scheduling a kickoff conference call and providing the client with the following planning documents:

    • Comprehensive project plan and audit schedule of onsite and remote audit time as well as interview schedule, project updates, status meetings, and delivery milestones.
    • Information request lists – Excel-based information request lists detailing all audit evidence required for assessment by Schellman.

    2. Remote Information Gathering

    Schellman will provide the client with access to a secure online collaboration tool where all audit evidence can be deposited. The project team will be available to the client should any technical personnel have questions related to the audit evidence required.

    3. Certification Review Process

    Stage 1 Review
    The Stage 1 review, as defined by ISO 27001, includes the onsite review of the ISMS, including documentation reviews and interviews of key employees. At the conclusion of the Stage 1 review, a findings document will be issued highlighting any deficiencies identified by Schellman, and a separate nonconformity report will be issued for each finding. In addition, a formal Stage 1 report will be issued to the client, noting activities performed, results of the testing, as well as project next steps.

    Stage 2 Review
    Generally speaking, and assuming all applicable requirements have been met, the second stage of this assessment culminates in the formal certification per the standard.

    The Stage 2 review assesses the client’s implementation of its ISMS. It includes the review and re-assessment of any nonconformity identified in the Stage 1 review as well as testing of the in-scope controls from Annex A per the client’s statement of applicability. At the conclusion of the Stage 2 review, a findings document will be issued highlighting any deficiencies identified by Schellman, and a separate nonconformity report will be issued for each finding. In addition, a formal Stage 2 report will be issued to the client, noting activities performed, results of the testing, as well as a recommendation to issue or delay the formal certificate.

    Once the recommendation is made to issue the certificate and that recommendation is accepted by the certification decision maker, the certificate and seal are issued to the client.

    4. Reporting and Deliverables 

    As identified above, each step will have its appropriate reporting and deliverables which are listed in the following section.

    5. Project Closure

    Every Schellman project utilizes a consistent project closure process that includes a closing meeting. In this meeting, any remaining items related to the project are identified and action items assigned. In addition, Schellman will provide additional observations to the client that may assist them in future years’ audits. These observations are not included in any formal report and are for the client’s use only as a value-add.

    6. Annual Recurring Audits 

    ISO 27001 certification is good for three years. In years 2 and 3, there is an onsite surveillance audit, which includes a brief onsite review to confirm that the ISMS remains in conformance with the requirements as well as with the internal policies and procedures.

    Other Certification Processes and Scope Reduction

    Schellman provides audit and certification services in full accordance with all relevant standards. Our audit and certification process is provided to prospective clients and addresses each major stage of the audit and certification processes. Prospective clients are also informed of their rights and obligations when applying for certification of a management system and following certification of a management system.

    The process for granting, refusing, maintaining, renewing, suspending, restoring or withdrawing certification or expanding or reducing the scope of certification is the same for all certification services – ISO 27001, ISO 9001, ISO 20000, and ISO 22301. Each audit culminates with a report and supporting evidence, which are provided to our decision maker, who is responsible for determining the action pertaining to the certification (i.e. granting, refusing, maintaining, renewing, etc.). A certification will not be acted upon until the decision has been made by the certification decision maker. Once the decision has been formalized, the proper and corresponding action will be taken by the audit team in communication with the client.

    The scope, timing and deliverables of our services, as well as the rights and obligations of both parties are documented in a fully executed agreement between Schellman and a client prior to the commencement of any audit or certification services.