Certification is a means of providing assurance, a level of confidence and trust that is established by an impartial and competent assessment by a third party.

Risk Associates strives to provide our clients with Independent and Impartial certification services carried out by industry-recognized auditors with extensive experience and knowledge. Following our simple 5 phase process:

1: Application Review

We review and discuss your application for ISO/IEC 27001 certification, the scope, timing, and our deliverables. We will provide you a formal agreement and once accepted we shall then appoint a qualified and competent auditor who will guide you and your company through the following assessment process.

2: Pre-Assessment Readiness (Optional)

We review your existing ISMS and related documentation in relation to requirements of the standard and readiness for certification. The assessment will assist in identifying any non-conformities, allowing you time to address these prior to starting the formal certification audit.
This will entail to ensure the following are documented and operational:

Define your strategy

Information Security Management System (ISMS)

Define your strategy

Risk management process, risk register and risk treatment plan

Define your strategy

Statement of Applicability (SoA)

Define your strategy

Policies and procedures for the operation of the ISMS

Define your strategy

Evidence of continual improvement (internal audits, monitoring, etc.)

3: Stage 1 Audit

The initial certification audit consists of two audit stages. The first stage, can be conducted both remotely and on-site at your premises and may include multiple sites depending on your scope, consists of a review of your management systems and documentation as the first stage in the certification process. We assess mandatory documents and management system requirements have been met from a design and implementation perspective.

At the end of Stage 1, an audit report will be provided, identifying non-compliance and improvement opportunities that will need to be addressed prior to proceeding to the second stage audit.

4: Stage 2 Audit

The initial certification audit consists of two audit stages. The second stage audit, conducted onsite, includes in-depth assessment to ensure the effectiveness of your management system and of the implemented controls. At the end of Stage 2, an audit report will be provided, identifying non-compliance and improvement opportunities that will need to be addressed prior to certification can be provided as part of the recommendation for certification.

Following the successful stage two audit, the Certification Committee shall make a decision on whether to grant certification based on a review of work performed and auditor’s recommendation. Successful certification audit, you will receive an ISO/IEC 27001:2013 certificate, certification logos and associative rules. Certification is valid for a 3-year period and is subject to annual surveillance audits.

5: Certification Maintenance

Certification is valid for a 3-year period and consist of two surveillance audits in year 2 and 3 of the certification cycle. We will conduct an annual Surveillance Audit to check the ongoing implementation of management systems which entails a risk-based onsite review of the management system to determine if any significant or relevant changes that affect the ISMS compliance with the standard and continually improves.

Request the Application Package

Contact Us