Illustrate your conformity to ISO 27001 and 27701 to customers and interested parties by obtaining ISO 27001 and ISO 27701 Certification.

Marcum ISO 27001 and ISO 27701 Certification Marketing Guidelines

Obtain ISO 27001 and 27701 Certification to demonstrate the conformity of your Information Security Management Systems (ISMS) and Privacy Information Management System (PIMS) requirements and create a framework that illustrates your security and privacy posture to current and potential organizations.

ISO 27001 provides an international standard and methodology for the implementation, management and maintenance of information security for organizations. Obtaining ISO 27001 certification demonstrates conformity of your Information Security Management System (ISMS) requirements and is a framework that can illustrate your security posture to current and potential organizations.

ISO 27701 is an extension to the ISO 27001 Information Security Management System (ISMS) and provides an international standard and methodology for the implementation, management and maintenance of privacy for organizations.

ISO 27001 Certification Process

ANSI National Accreditation Board

Marcum RAS, LLC is a certification body for ISO 27001 and ISO 27701 accredited by ANAB (ANSI National Accreditation Board), located in Tampa, Florida, and can provide your organization with the following services:

Scope Assessment

As part of the initial engagement, we will perform a comprehensive assessment of the services and systems under review. After obtaining a clear and thorough understanding of our client’s environments, we will customize an audit plan and provide access to an online collaboration tool that includes all required documentation, identification of key personnel from both Marcum RAS, LLC and the client, and documented target milestones within our project calendar.

Stage 1 Audit

As part of the Stage 1 audit, Marcum RAS, LLC reviews your company’s documentation to confirm it is in compliance with the requirements of ISO 27001 and ISO 27701. At the completion of this stage, clients are provided with a detailed report identifying any nonconformities. In addition to the deficiencies/nonconformities report, Marcum RAS, LLC will provide you with a roadmap of next steps.

Stage 2 Audit

Once your organization completes Stage 1, you move into Stage 2, which tests the conformance of the ISMS and PIMS. During the onsite audit, we will perform testing procedures such as interviews, observation of processes and inspection of artifacts to determine and document conformance.

Surveillance Audit

To ensure that your organization’s ISMS and PIMS continue to demonstrate conformance with ISO 27001 and 27701, surveillance audits are required to maintain certification. Surveillance audits are designed to confirm the scope is consistent with the original certification, improvement of the ISMS and PIMS is present and validation of ongoing monitoring procedures is being performed. Certification is valid for three years, but requires a surveillance audit in years two and three. Surveillance audits are required to be completed between 12 and 24 months of the initial certification decision date.

Recertification

A recertification audit is conducted after the surveillance period to demonstrate a complete ISMS and PIMS audit to maintain continued certification. Similar to initial certification, this is a full audit of all of the required ISMS and PIMS and prior performance, changes to the system or standard, and potential changes to scope. Upon successful completion of your recertification audit, a decision to remain certified will be made prior to entering into your next surveillance period.

Audit Process

Marcum RAS, LLC has developed a methodology for conducting ISO 27001 and 27701 certification audits that is in conformity with ISO 17021:2015. The methodology addresses the steps of the certification cycle including Stage 1, Stage 2, and Certification Decision, as well as the ongoing required surveillance audits.

We communicate audit expectations, timing, and deliverables to our clients through audit planning documentation, kick-off/closing meetings, status sheets available through our client portal and regular meetings. Marcum RAS, LLC’s standard methodology provides consistency to the certification audit process.

Certificate Decisions

As your certification body, we have defined criteria for all certification decisions including granting, refusing, maintaining, renewing, suspending, restoring and withdrawing the certificate. These processes follow the requirements defined in ISO 17021:2015.

Marcum RAS, LLC communicates with our clients through the engagement team regarding all certification decisions. All decisions related to certification are approved by Marcum RAS, LLC senior leadership, and are required to adhere to our documented certification processes.

Suspending, Withdrawing, or Reducing the Scope of Certification

Marcum RAS, LLC has the authority to suspend a client’s certification when an issue arises that places the validity of the certification in question, for example:

  • the client’s certified management system has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the management system;
  • the certified client does not allow surveillance or recertification audits to be conducted at the required frequencies;
  • the certified client has voluntarily requested a suspension.

When suspended, the client’s management system certification is temporarily invalid.

Marcum RAS, LLC will restore the suspended certification if the issue that has resulted in the suspension has been resolved. Failure to resolve the issues that have resulted in the suspension in a time established by the certification body shall result in withdrawal or reduction of the scope of certification.

Marcum RAS, LLC will reduce the scope of certification to exclude the parts not meeting the requirements when the certified client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification. Any such reduction shall be in line with the requirements of the standard used for certification.

Expanding the Scope of Certification

Marcum RAS will review the application for an expansion of the scope of an existing certification and consider if any additional audit activities are required as a result of the expansion.

Marcum RAS, LLC Name and Logo

Marcum RAS, LLC’s ISO 27001 and ISO 27701 certification logo is only to be used to illustrate conformance with the standards. The use of our name and logos in regard to ISO 27001 and 27701 certifications is governed by the terms and conditions in our contracts with clients. Marcum RAS, LLC monitors the use of its name and logo to ensure compliance with our contractual agreement and ISO 17021:2015.

Appeals

Marcum RAS, LLC’s audit team strives to clearly communicate the justification for its decisions related to certification activities. When a situation arises wherein the client does not agree with the audit team, the client may appeal the decision to Marcum RAS, LLC leadership. A point of contact, who is separate from the audit team, will be assigned to research the appeal. Marcum RAS, LLC leadership will review the results of the research and communicate the decision to the client. Appeals may be generated directly with the client’s audit team or by submitting here.

Complaints

Complaints filed against Marcum RAS, LLC or our certified clients are received, handled and resolved in accordance with ISO 17021:2015. Marcum RAS, LLC has developed a process managed by a team independent of our audit team to document and track complaints. Complaints will be investigated and resolved in accordance with our documented policies. The complaint initiator will be kept informed throughout the process and at the time of complaint resolution. Complaints may be submitted here.

Inquiries

Inquiries regarding the status of a given certification or inquiries about geographical areas where we operate may be submitted here. Inquiries will receive a response within 48 business hours.

Impartiality

Part of our certification obligation is to maintain impartiality at all times. Our personnel and our organization are always independent of our clients. Our certification decisions are based on objective criteria and are not influenced by bias or prejudice. Marcum has an Independence Committee whose role is to evaluate new and current client relationships to ensure that the impartiality of our certification services is safeguarded.

Marcum operates in accordance with ISO/IEC 17021-1:2015 and adheres to all impartiality requirements.

For more information about ISO 27001 and ISO 27701 Certification at Marcum RAS, LLC, please contact Ben Osbrach.