ISO 27001 - The Certification Audit Procedure
Stage 1 Audit
This usually takes place at the client’s premises. It consists of a documentation review (a review of the ISMS ISO 27001 manual, the ISMS ISO 27001 procedures, and other documents required by the ISO 27001 standard).
Stage 2 Audit
The certification body audits on-site practice and the records to ensure compliance with ISO 27001 and with your information security management system.
Certification
Following the audit, the auditor’s report goes before the independent board for review. The certification body also reviews the corrective actions you have implemented to resolve any non-conformances raised.
Surveillance
The certificate remains valid for a period of three years and is monitored at regular intervals by a registered auditor with information security experience. The validity of the ISO 27001 certificate is subject to a successful surveillance audit.