Working toward ISO 27001 certification can be an overwhelming endeavor. Here at BARR Certifications, we are committed to guiding you through the engagement process as you work toward ISO 27001 certification. We’ve identified a proven, step-by-step approach so you know exactly what to expect when partnering with BARR. Let’s get started.
To request BARR Certifications services, you’ll want to contact us to let us know you’re interested. You can expect to hear from a BARR associate within 24 hours. Next, we will conduct a client evaluation and engagement acceptance review. We’ll need information about your Information Security Management System (ISMS) scope and the boundaries of the system to determine fee arrangements and resourcing needs.
This includes information like the approximate number of people, infrastructure, software components, key activities and data, and locations (physical and virtual) of the ISMS. If your organization has a Statement of Applicability or other ISMS scoping documentation, let us know, as these items are also helpful.
A formal readiness assessment against the ISO/IEC 27001 standard is also helpful in preparing organizations for initial certification. While a pre-assessment is not a requirement, it identifies ISMS deficiencies against the ISO/IEC 27001 standard.
This step involves two stages.
Stage 1:
First, we will evaluate the management system and documentation with a primary focus on the design of the system. You can expect this stage to take approximately two to three days to complete with the following:
Stage 2:
Next, we will evaluate the implementation and effectiveness of the management system. This stage is performed either remotely or at the client location(s) and can often be completed within one to two weeks with the following:
The initial certificate issued is valid for three years from the issuance date. At least annually, surveillance audits are conducted to ensure the certified organization is able to maintain its compliance with the standard. These audits include limited testing and an onsite review to determine the impact of any significant changes since the original certification.
Arrangements for recertification are planned before the certificate expires. Recertification activities include a full audit of the ISMS.
If, during the 3-year certification period, there are changes in the scope of the certification (i.e., reduction or expansion) or changes to requirements, this will be discussed with the BARR Certifications team.
If you’re interested in BARR Certifications ISO services, please contact us to get started.