ISO 27001
ISO 27001 is an international standard applicable to organizations worldwide. It requires organizations to establish, maintain, and continually improve an information security management system (ISMS), which in turn strengthens customer confidence.
The ISO 27001 certification lifecycle involves the following:
Initial Certification - Stage 1
An auditor reviews ISMS documentation to ensure the appropriate policies and procedures are in place.
Initial Certification - Stage 2
An auditor reviews business processes and security controls to verify that your ISMS meets the ISO 27001 requirements. Passing Stage 2 results in ISO 27001 certification, which is valid for 3 years.
Surveillance Audit 1 and 2
Surveillance audits evaluate your ISMS and a sample of your controls. There are two of them, one in each of the two years following initial certification.
Recertification Audit
The recertification audit takes place in the year the ISO 27001 certificate expires. Similar to Stage 2, this audit evaluates the evidence that your ISMS and controls are effective and that they meet the ISO 27001 requirements. Passing the recertification audit renews the ISO 27001 certification for another 3 years.