ISO 27001 Certification

ISO/IEC 27001 Compliance

ISO/IEC 27001 outlines the requirements for establishing, implementing, maintaining, and continually improving an organization’s information security management system (ISMS). It is an internationally accepted standard and is a valuable way to differentiate your organization as it demonstrates compliance with industry standards and your commitment to keeping information secure.

Get Certified

Certification Process

The following certification activities are performed as part of the ISO/IEC 27001 Information Management System (ISMS) certification:

Pre-certification Process

New application requests for certification services can be sent through our contact us page. Johanson Group LLP will then conduct a client evaluation. As part of the process, the client will provide information pertaining to the ISMS scope, boundaries of the system, and other relevant documentation in order to determine fee arrangements and resourcing needs. This includes information about the approximate number of people, infrastructure, software components, key activities and data, and locations (physical and virtual) of the ISMS. If available a Statement of applicability and other ISMS scoping documentation are helpful in completing this process. 

Initial Certification Audit

The initial certification audit is conducted in two stages as follows:

Stage 1 Audit

An evaluation is performed in several steps of the management system and documentation with a primary focus on the design of the system. First, Johanson Group LLP will audit the ISMS documentation. Second, an evaluation of the ISMS scope including personnel, services/products, and sites included within the scope. Third, the auditor verifies that the organization has completed an internal audit, management review, and accepted risk registry and treatment. Finally, the organization’s understanding of the standard, including the scope of the audit and resources will be evaluated. Much of the information reviewed during stage 1 will help in the planning for stage 2.

Stage 2 Audit

The second stage of the initial certification involves detailed testing to determine if the organization has effectively implemented and is consistently monitoring its ISMS in accordance with ISO/IEC 27001. This stage is performed onsite with the organization’s process owners at its various locations as detailed in the audit plan. Johanson Group LLP will then determine if it will issue certification to the client

ISO 27001:2022 Transition Guide for Clients

ISO/IEC 27001:2022 “Information security, cybersecurity and privacy protection – Information  security management systems – Requirements” was released in October 2022 and is set to  replace ISO 27001:2013 in a three-year transition period. All organizations that wish to remain  certified to ISO 27001 will need to transition to the 2022 revision of the standard within the set  transition period which is expected to end in October 2025.

Additional Information

Agreement for Client Certification

Ready to Get Started?

Additional Resources