Audit and Certification process
OCD Tech-ISO provides ISO 27001 audit and certification services to our clients in accordance with ISO 17021-1:2015 and ISO 27006 Standards.
The scope of certification services offered is limited to third-party conformity assessment of clients’ information security management systems against the international standard ISO 27001.
Audit Program
Using the application and intake data, OCD Tech-ISO will develop an audit program for the client that reflects their intended scope, size, and other factors. The audit program shall cover the full three-year certification cycle and will clearly identify the audit activities required to demonstrate that the client’s management system fulfils the requirements for certification to ISO 27001 and other applicable requirements. This shall include calculation of the audit scope, any audit sampling (if used), remote auditing methods to be used, audit duration, and other factors.
Planning Audits
OCD Tech-ISO will then develop an audit plan defining the audit objectives, scope, and criteria for each audit. This shall include determination of the audit team members, use of technical experts, use of remote auditing methods, audit event duration, and execution of any requirements detailed in the audit program.
Conducting Audits
Conformity assessment audits shall then be conducted to verify the conformity of the client’s management system against the applicable standard and requirements. These activities include all necessary audits (initial, surveillance, recertification, and special audits) and the reporting of audit results. This includes completion of the official Audit Report, which contains evidence of findings and the final certification recommendation.
Certification Decision
Based on a review of the audit results derived from the conformity assessment audits, OCD Tech-ISO will determine a certification decision. Such decisions include granting certification, denying certification, suspending certification or withdrawing certification. This may also include reducing the scope of certification.
Maintaining Certification
OCD Tech-ISO performs routine surveillance audits to confirm that the client has maintained its conformity to the standard and should therefore retain its certification. At the end of the certification cycle, a client must undergo re-certification if it has elected to maintain OCD Tech-ISO as its certification body.
Reference to Certification
OCD Tech-ISO has developed rules limiting the way in which clients may reference their certification. This is done to ensure that references to certification are not made in any way that is deceptive, misleading or may otherwise impugn the reputation of OCD Tech-ISO or its services.
Adherence by the clients to these rules is enforced through a legally enforceable contract with each client.
Use of Marks
OCD Tech-ISO has developed rules governing its certification marks. These rules ensure traceability back to OCD Tech-ISO and the individual certified client. The certificates ensure there is no ambiguity in the mark or accompanying text as to what has been certified and which certification body has granted the certification.
Adherence by the clients to these rules is enforced through a legally enforceable contract with each client.