1. Introductory Meeting (upon request)
An overview of the certification process, conducted either remotely or in person.
2. Pre-Assessment
For ISO/IEC 27001 certification, we strongly recommend conducting a pre-assessment ("pre-audit") approximately 3–4 months before the planned certification audit. Although optional, this assessment has proven highly valuable. It provides an independent evaluation by the auditor(s) who will conduct the certification audit, offering insight into the maturity of your Information Security Management System (ISMS) and identifying the areas where the remaining preparation time should be focused.
3. Two-Stage Certification Audit
In the first stage, the auditor evaluates the readiness of your Information Security Management System (ISMS) for the Stage 2 certification audit. Stage 1 is preferably conducted on-site at your organization, although it can also be carried out remotely if appropriate.
Stage 2 consists of the certification audit itself and is primarily conducted on-site at the organization's locations to verify that the management system complies with the requirements of ISO/IEC 27001 and is effectively implemented.
4. Certification Decision
The certification committee makes the certification decision based on the audit report.
5. Certificate and DEKRA Seal
Following a positive certification decision, your organization is awarded an ISO/IEC 27001 Certificate and, where applicable, the DEKRA Seal.
6. First Surveillance Audit
The first surveillance audit is conducted 12 months after the initial certification or recertification.
7. Second Surveillance Audit
The second surveillance audit is conducted 24 months after the initial certification or recertification.
8. Re-certification
Recertification takes place three years after the initial certification decision. After successful recertification, the certification cycle continues with the certificate, surveillance audits, and subsequent recertification.