
We follow a structured, transparent, and efficient approach to certification. Our process ensures that your organisation’s management system meets international standards while aligning with your business objectives.
The Process
Step-by-Step Certification Process
Simplifying Certification
Learn how RACERT supports your journey with a structured and clear certification process.
Global Standards
Explore internationally recognised ISO and ISO/IEC standards that fit your industry and business goals.
Certification is a means of providing assurance
A level of confidence and trust that is established by an impartial and competent assessment by a third party.
RACERT strives to provide our clients with independent and impartial certification services carried out by industry-recognized auditors with extensive experience and knowledge.
We follow a simple 6-phase process:
- Application Review
- Assessment Readiness
- Stage 1 Audit
- Stage 2 Audit
- Certificate Decision
- Certification Maintenance
Step 01
Application Review
We review and discuss your application for ISO/IEC 27001 certification, the scope, timelines, and our deliverables.
We will provide you with a formal agreement. Once it is accepted, we will appoint a qualified and competent auditor who will guide you and your company through the following assessment process.




Step 02
Pre-Assessment Readiness
(Optional)
We review your existing ISMS and related documentation in relation to the requirements of the standard and readiness for certification. The assessment will assist in identifying any non-conformities, allowing you time to address these prior to starting the formal certification audit.
This entails ensuring that the following are documented and operational:
- Information Security Management System (ISMS)
- Risk management process, risk register and risk treatment plan
- Statement of Applicability (SoA)
- Policies and procedures for the operation of the ISMS
- Evidence of continual improvement (internal audits, monitoring, etc.)
Step 03
Stage 1 Audit
The initial certification audit consists of two audit stages. The first stage, which can be conducted both remotely and on-site at your premises and may include multiple sites depending on your scope, consists of a review of your management systems and documentation. We assess whether mandatory documents and management system requirements have been met from a design and implementation perspective.
At the end of Stage 1, an audit report will be provided, identifying non-compliance and improvement opportunities that will need to be addressed prior to proceeding to the second stage audit.




Step 04
Stage 2 Audit
The second stage audit is conducted onsite and includes an in-depth assessment to ensure the effectiveness of the management system and the implemented controls.
At the end of Stage 2, an audit report will be provided as part of the recommendation for certification, identifying non-compliances and improvement opportunities that must be addressed before certification can be provided.
Step 05
Certificate Decision
Following the successful stage two audit, the Certification Manager shall make a decision on whether to grant certification based on a review of the work performed and the auditor’s recommendation.
Following a successful certification audit, you will receive an ISO/IEC 27001:2022 certificate, certification logos, and the use of certification marks policy.
Certification is valid for a 3-year period and is subject to annual surveillance audits.




Step 06
Certification Maintenance
Certification is valid for a 3-year period and includes two surveillance audits, in years 2 and 3 of the certification cycle. We will conduct an annual Surveillance Audit to check the ongoing implementation of the management system. This entails a risk-based onsite review of the management system to determine whether any significant or relevant changes affect the ISMS's compliance with the standard and whether the system continually improves.