Certification Process

Certification is a means of providing assurance, a level of confidence and trust that is established by an impartial and competent assessment by a third party.

Risk Associates strives to provide our clients with independent and impartial certification services carried out by industry-recognized auditors with extensive experience and knowledge.
ISO/IEC 27001 Certification

A Seamless Process with Risk Associates

Process overview: Initial Meeting & Objective Definition; Project Planning & Pre-Audit (Optional); Stage 1 and 2 Certification Audit; System Evaluation & Certification; Ongoing Support & Surveillance Audits; ISO/IEC 27001 Recertification.

Application

The certification process begins with the submission of an application form to Risk Associates. This provides the key details of your organisation, the scope of activities to be certified, and any relevant information about sites, services, or products. A complete application allows us to plan the certification activities effectively from the outset.

Application Review

Once the application is received, Risk Associates carries out a formal review. This ensures that the requested scope is clearly defined, achievable, and within the competence of our audit team. Any clarifications are resolved at this stage to ensure both parties have a shared understanding before certification activities begin.

Certification Agreement

Before moving forward, a formal certification agreement is established between Risk Associates and the client organisation. This document sets out the responsibilities of both parties, the impartial nature of the assessment, and the terms under which certification services will be delivered. The agreement ensures transparency and compliance with UKAS accreditation requirements.

Stage 1 Audit

The Stage 1 audit focuses on evaluating the design and documented information of the management system. Auditors review policies, procedures, and records to determine whether the framework has been developed in line with ISO/IEC 27001. The outcome of this stage is to confirm readiness for the Stage 2 audit and highlight any areas that may require attention in advance.

Stage 2 Audit

The Stage 2 audit is a comprehensive assessment of how the management system has been implemented and how effectively it functions in practice. Auditors gather evidence through interviews, observation, and record checks to confirm that the system meets the requirements of ISO/IEC 27001 across the defined scope. This stage provides assurance that the organisation is operating its ISMS effectively.

Certification Decision and Issuance

Following the audits, Risk Associates undertakes an independent review of the audit team’s findings. If the organisation is shown to conform to ISO/IEC 27001, certification is awarded for a three-year cycle. A certificate is issued, subject to successful completion of ongoing surveillance audits during the cycle.

First Surveillance Audit

Within 12 months of certification, a surveillance audit is carried out. The purpose of this audit is to confirm that the management system remains effective and that it continues to meet the requirements of the standard. It also provides an opportunity to review any improvements introduced since certification.

Second Surveillance Audit

The second surveillance audit takes place during the following year of the certification cycle. At this stage, the audit not only reviews ongoing compliance but also allows for potential changes in the scope of certification, such as adding or removing sites, services, or products. This ensures the certification remains aligned with the organisation’s current operations.

Recertification Audit

At the end of the three-year certification cycle, a full reassessment of the management system is undertaken. The recertification audit evaluates both the effectiveness of the ISMS and its ability to achieve continual improvement. Successful completion leads to the renewal of certification for a further three-year cycle, ensuring ongoing recognition of conformity with ISO/IEC 27001.

1. Initial Meeting & Objective Definition
We begin with a detailed discussion about your organization, your management system, and your ISO/IEC 27001 certification objectives. Based on this conversation, we provide a tailored offer aligned with your unique needs.
2. Project Planning and Pre-Audit (Optional)
For larger certification projects, we offer a planning meeting to develop a customized audit program. This step helps identify areas of improvement and strengths in your management system.
3. Stage 1 and 2 Certification Audit
Our expert auditor conducts a system analysis (Stage 1) and assesses the effectiveness of your management processes on-site (Stage 2). You receive a comprehensive report with insights for improvement.
4. System Evaluation & Certification
Upon successful completion of the certification audit, an evaluation of your management system takes place. If your organization meets all the standard requirements, you'll be granted the prestigious ISO/IEC 27001 certificate, a testament to your commitment to information security.
5. Surveillance Audits
We conduct surveillance audits to ensure your organization continues to meet ISO/IEC 27001 requirements, providing ongoing support for continuous improvement.
6. Recertification
ISO/IEC 27001 certification is valid for a maximum of three years. When it's time for recertification, we initiate the process to ensure ongoing compliance with standard requirements.

Risk Associates is a renowned certification body offering audits and certification services.