ISO/IEC 27001:2022

Audit Processes

Assess your ISO/IEC 27001:2022 Compliance with Complade: A Simplified Guide

Preparation is Key


Our team will reach out to guide you through the process and set the stage for your initial audit. Please note that, as your conformity auditors, we will not offer consultation or implementation services. To implement ISO/IEC 27001, please refer to the ISO/IEC 27001 public website or reach out to your IT or security consulting firm. The Complade team can give guidance on the process and explain the standard, but will not engage on the specifics of your environment.

Application Intake:

The first step is to fill in this application. You can also email or call us.

Initial Audit

Stage 1 Audit: 

An auditor will review your management system and share a conformity assessment as you prepare for Stage 2.

Stage 2 Audit: 

Once you feel prepared, an auditor will conduct a comprehensive review to see if your management systems and procedures align with ISO/IEC 27001's standards. You'll know the auditor's recommendations on the same day, which will then be confirmed by our Compliance Team.


Annual Surveillance

The strength of ISO/IEC 27001:2022 lies in its focus on continuous improvement. To maintain your certification, we will schedule two annual reviews.


Re-certification:

Similar to surveillance, re-certification takes place 3 years after initial certification.


Certification Transfer from a Different Certification Body:

Transferring certification from another certification body to Complade is permitted under specific conditions.

ISO/IEC 27001 Certification Steps Summary

Step 2

Stage 1 Audit

Step 3 

Stage 2 Audit

Steps 4 and 5

2 Annual Surveillance

Step 6

Re-Certification

Start step 1: Submit your application here

How long does it take to get certified?

Quick answer: 6 weeks.

Long answer:

To achieve initial certification, the duration depends on the complexity of your organization. For a very small organization with 15 full-time employees and a few outsourced roles (such as bookkeeping and IT services personnel), and assuming your management system is implemented and ready for auditing, it takes about 6 weeks. Here is the rationale:

In summary, the fastest scenario for achieving certification is 6 weeks.


If you have any questions, please contact us. We can provide more precise answers based on the dynamics of your organization.

How much does ISO/IEC 27001 certification cost?

Quick answer: $2500 (or less) for very small organizations. 

The cost for initial ISO/IEC 27001 certification for an organization with 9 people is CAD $2,500. For a detailed pricing guideline, please refer to our prices here or contact us. Additionally, if you are a non-profit organization, we offer a 30% discount as a token of appreciation for your community service. These figures are guidelines; an official offer is required for a firm quote.

I am not ready, how do I prepare?

Quick Answer: Seek assistance from an implementer; we cannot provide implementation help. 

Long Answer

Much like in accounting, where your accountant or bookkeeper cannot serve as your financial auditor, Complade does not offer consultation or implementation services, nor do we provide "templates." Our objective is to assure you that your information risks and controls are adequately balanced. Offering implementation advice or templates would compromise the integrity of our audit process. It wouldn't make sense for us to identify non-conformities in procedures we advised you to implement, would it? Just as your accountant cannot audit their own financial records, an implementer responsible for implementing and maintaining your information security management system cannot audit their own processes.

The good news is that there are many implementers and tools available to help you implement the ISO/IEC 27001 standard. We do not endorse or recommend any specific organizations. You might consider asking your IT services provider for assistance. Once you're ready, reach out to us. It makes no difference to us who assists you in implementing and maintaining your systems; our role is to assess your compliance impartially and provide you with a fair report and certification.

Additional Information

For a more detailed understanding of our audit process, we invite you to download our Audit Process Policy. This comprehensive guide outlines the procedures, requirements, and standard practices that we adhere to.

Download Audit Process Policy

Contact Us for Certification Process Review

If you have further questions or wish to discuss your specific needs, please don't hesitate to contact us today for a certification process review. Our team is always available to guide you through the steps needed to achieve your cybersecurity certification goals.