
ISO 27001 / ISO 22301:

The certification process

Presenter: Dejan Kosutic


How does the ISO 27001 / ISO 22301
certification process work, and how do you
deal with it?
If your company is going for the
certification, you are probably not looking
forward to it.
You can change the negative experience of
certification into a rather positive one!

©2021 27001Academy www.advisera.com 2


You’ll have the greatest benefit of
the certification if you approach it
from the positive side!



Agenda

• About certification bodies
• 3 steps in the certification process
• Dealing with nonconformities
• What to expect from auditors
• When to go for certification
• The benefits of certification
• What is it you’re afraid of the most?



Certification bodies

• They must be accredited by a national
accreditation body (e.g., UKAS)
• How to choose the certification body?
• The cost of certification
• Certification is not mandatory!



3 steps in the certification process

• Stage 1 audit (Document review)
• Stage 2 audit (Main audit)
• Surveillance visits (3-year period)



Dealing with nonconformities

• What is a nonconformity?
• How are they documented?
• Major / minor – the differences
• What if a major nonconformity is raised?



What to expect from certification
auditors

• 3 methods of collecting evidence
• What the auditor can and cannot do
• They are auditing, not consulting
• The mindset of an auditor



Key things the auditor will be
looking for

• Mandatory documentation
• Activities comply with the standard
• Activities comply with your own documentation



When to go for certification

• All mandatory documents are written
• ISO 27001 – Risk Treatment Plan controls
• Internal audit (Report) + corrective actions
taken
• Management review (Minutes)
• You are really doing what you have
documented



The benefits of certification

• Marketing
• Decreasing costs
• Getting priority
• Objective input



What is it you’re afraid of the most
about the certification?

• The upcoming changes to ISO 27001
• Very complex matter with many moving parts
• How much time and investment it takes in the
implementation and alignment
• Did not recognize all risks and have not
planned all necessary technical controls
• The contents of the existing documentation
are not what the auditor was looking for



Conclusion

You really can take a positive approach to
your certification, and benefit from it

Check whether you have prepared everything
before calling the certification body



Q&A

Dejan Kosutic
Thank you!
http://advisera.com/27001academy/webinars