Illustrate your conformity to ISO 27001 and 27701 to customers and interested parties by obtaining ISO 27001 and ISO 27701 Certification.
Obtain ISO 27001 and 27701 certification to demonstrate that your Information Security Management System (ISMS) and Privacy Information Management System (PIMS) conform to the requirements of those standards, and to give current and prospective customers and partners a recognized framework for evaluating your security and privacy posture.
ISO/IEC 27001 is the international standard that specifies requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Obtaining ISO 27001 certification demonstrates that your ISMS conforms to those requirements and gives current and prospective customers and partners a recognized framework for evaluating your security posture.
ISO/IEC 27701 is an extension to the ISO 27001 ISMS that specifies requirements and guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS). Because it extends ISO 27001, ISO 27701 certification is not issued on its own: an organization must hold, or be obtaining at the same time, ISO 27001 certification covering the same scope.
ISO 27001 Certification Process
Marcum RAS, LLC is an ISO 27001 and ISO 27701 certification body accredited by the ANSI National Accreditation Board (ANAB), located in Tampa, Florida, and can provide your organization with the following services:
As part of the initial engagement, we perform a comprehensive assessment of the services and systems under review. After obtaining a clear and thorough understanding of your environment, we customize an audit plan and provide access to an online collaboration tool that contains all required documentation, identifies key personnel from both Marcum RAS, LLC and the client, and records the target milestones in our project calendar.
Stage 1 Audit
As part of the Stage 1 audit, Marcum RAS, LLC reviews your organization's documentation to confirm that it conforms to the requirements of ISO 27001 and ISO 27701. At the completion of this stage, clients receive a detailed report identifying any nonconformities. In addition to the nonconformities report, Marcum RAS, LLC provides a roadmap of next steps toward the Stage 2 audit.
Stage 2 Audit
Once your organization completes Stage 1, it moves into Stage 2, which tests that the ISMS and PIMS are implemented and operating as documented. During the onsite audit, we perform testing procedures such as interviews, observation of processes and inspection of artifacts to determine and document conformance.
To ensure that your organization's ISMS and PIMS continue to conform to ISO 27001 and 27701, surveillance audits are required to maintain certification. Surveillance audits confirm that the certified scope remains consistent with the original certification, that the ISMS and PIMS are being improved, and that ongoing monitoring procedures are being performed. Certification is valid for three years and requires surveillance audits in years two and three, conducted at approximately 12 and 24 months after the initial certification decision date; the first surveillance audit must take place no later than 12 months after that decision.
A recertification audit is conducted at the end of the surveillance period to maintain continued certification. Like the initial certification, it is a full audit of the ISMS and PIMS requirements, and it also considers performance over the certification cycle, changes to the management system or the standards, and any proposed changes to scope. Upon successful completion of the recertification audit, the decision to continue certification is made before the current certificate expires and the next three-year cycle begins.
Marcum RAS, LLC has developed a methodology for conducting ISO 27001 and 27701 certification audits that conforms to ISO/IEC 17021-1:2015. The methodology covers each step of the certification cycle, including Stage 1, Stage 2 and the certification decision, as well as the required ongoing surveillance audits.
We communicate audit expectations, timing and deliverables to our clients through audit planning documentation, kick-off and closing meetings, status sheets available through our client portal, and regular meetings. Marcum RAS, LLC's standard methodology provides consistency across the certification audit process.
As your certification body, we have defined criteria for all certification decisions, including granting, refusing, maintaining, renewing, suspending, restoring and withdrawing certification. These processes follow the requirements defined in ISO/IEC 17021-1:2015.
Marcum RAS, LLC communicates all certification decisions to clients through the engagement team. All decisions related to certification are approved by Marcum RAS, LLC senior leadership and are required to adhere to our documented certification processes.
Marcum RAS, LLC Name and Logo
Marcum RAS, LLC's ISO 27001 and ISO 27701 certification logo may only be used to indicate conformance with those standards within the certified scope. The use of our name and logo in connection with ISO 27001 and 27701 certification is governed by the terms and conditions of our contracts with clients and, per ISO/IEC 17021-1:2015, must not be applied to products or used in any way that implies product certification. Marcum RAS, LLC monitors the use of its name and logo to ensure compliance with our contractual agreements and ISO/IEC 17021-1:2015.
The Marcum RAS, LLC audit team strives to clearly communicate the justification for its decisions related to certification activities. When a client does not agree with the audit team, the client may appeal the decision to Marcum RAS, LLC leadership. A point of contact who is separate from the audit team will be assigned to research the appeal; Marcum RAS, LLC leadership will then review the results of that research and communicate its decision to the client. Appeals may be raised directly with the client's audit team or by submitting here.
Complaints filed against Marcum RAS, LLC or our certified clients are received, handled and resolved in accordance with ISO/IEC 17021-1:2015. Marcum RAS, LLC has developed a process, managed by a team independent of the audit team, to document and track complaints. Complaints are investigated and resolved in accordance with our documented policies, and the complainant is kept informed throughout the process and at the time of resolution. Complaints may be submitted here.
Inquiries regarding the status of a given certification or inquiries about geographical areas where we operate may be submitted here. Inquiries will receive a response within 48 business hours.
Part of our obligation as a certification body is to maintain impartiality at all times. Our personnel and our organization remain independent of our clients, and our certification decisions are based on objective criteria, not influenced by bias or prejudice. Marcum has an Independence Committee whose role is to evaluate new and existing client relationships to ensure that the impartiality of our certification services is safeguarded.
Marcum operates in accordance with ISO/IEC 17021-1:2015 and adheres to all impartiality requirements.