ISO/IEC 27001 Management Certification Services

After the certification audit, the audit report and the collected artifacts will feed the certification decision process. Any major nonconformities must be remediated prior to certification. If anything arises during the audit process where the client can’t or won’t remediate the identified nonconformities, we will not be able to grant certification.

Additionally, for clients to maintain their certification for the three-year cycle, they need to participate in surveillance audits each year. If clients don’t undergo surveillance audits, their certification will be suspended. The certificate can be restored after the client completes their surveillance audit and remediates any nonconformities.

Before the end of the three-year cycle, the client must undergo a recertification audit. This audit is very similar to the initial certification audit in that all clauses and controls are tested. This audit must be completed with enough time for the client to remediate any uncovered nonconformities. Failure to complete the recertification audit, or to remediate any nonconformities, will result in a gap of certification.

At any point within the audit cycle, the client can withdraw from the certification. At that time, all certificates and certification marks shall be removed from any marketing, including signage, websites, etc. that might mislead the public into believing the client is still certified. Additionally, if it is determined that a certified client is making misleading statements about their certification, what the scope of their certification is, or generally misleading the public, Sensiba may withdraw their certification.

Due to client wishes, or because of continued nonconformities in given areas, we may reduce the scope of certification. Additionally, where a certified client adds additional products, services, or locations, it is possible to also expand the scope of certification.

Upon certification, we will issue a mark or logo that can be added to the client’s marketing materials and websites. The certified client has our permission to utilize that mark as long as it isn’t altered in any way. The certified client is not allowed to use any other mark indicating that they are ISO/IEC certified. This includes the ISO logo, the ANAB logo, or the IAF logo.

Additionally, when referencing their certification status, the client must ensure they indicate that they are certified by Sensiba LLP. The certification mark or statements about certification shall not be misleading and shall not indicate that a product is certified. We are certifying a client’s management system, not a product or service.

Anyone wishing more information about our ISO-related offerings, as well as validating that a client claiming to be certified is, in fact, certified, can send an email to iso@sensiba.com. For complaints and appeals, please email complaints@sensiba.com with as much information as possible.

We endeavor to be as impartial as possible. We do not provide management systems consulting services. We do not provide ISMS/PIMS internal audits for clients that we certify. Additionally, we do not pay or receive payment for referrals. If you need to report anything related to impartiality with regard to our ISO program, please email complaints@sensiba.com.