ISO 27001 Certification
Ensure your cybersecurity program is designed to keep you safe.
ISO 27001 specifies requirements for Information Security Management Systems (ISMS) and provides practical guidance for information security management. The ISO 27001 security standards comprise what is arguably the most widely accepted and broadly applicable framework for establishing, managing, and assessing an organization’s information security management system.
Being ISO 27001 certified demonstrates to your clients that you are taking a proactive approach to mitigating cybersecurity risk. ISO 27001 certification is invaluable for monitoring and maintaining an organization’s ISMS. Plus, this certification sends a message to potential clients and business partners that they can be confident in your data security practices, giving you an edge over competitors lacking an ISO 27001 certification.
ISO 27001 Certification Audit Process
There are two audit stages that must be completed in order to achieve initial ISO 27001 certification.
Stage 1 Audit
The Stage 1 Audit is sometimes called the “documentation review” or “pre-assessment.” In this stage, our auditors perform a high-level review of your ISMS and determine whether your policies and procedures are sufficiently in place to proceed to a certification audit. This stage is typically completed on-site in order to establish that the organization has met the minimum requirements of the ISO 27001 standard and is prepared for a certification audit. Our auditors will also highlight any areas of nonconformity and point out where potential improvements can be made.
Stage 2 Audit
During a Stage 2 Audit, our auditors will conduct a thorough assessment to determine whether your organization’s ISMS is in compliance with the ISO 27001 standard. They do this by seeking evidence that the organization’s current policies and procedures are implemented and followed. If any nonconformities are found, our auditors will provide feedback on how your organization can achieve compliance. Upon successful completion, we are able to issue a report validating ISO certification.
Your certification will be valid for three years, and annual surveillance audits are conducted during the second and third years after your initial certification or recertification. During these audits, we will conduct a review of your ISMS and check whether there have been any significant or relevant changes to your system or scope.
Compass Rose will conduct a recertification audit before the end of the three-year term to ensure continuity of your management system certification. During this audit, we’ll evaluate the improvements and audit trails established in the previous certification cycle and will perform more detailed inspections compared to the surveillance assessments.
You deserve a conversation, not a questionnaire.
We build long-term relationships through trust and value. If you’re looking for a trusted business advisor to build your holistic compliance strategy, let’s chat!