Guest
How long should the ISMS be in place before going for the certification audit
How long must these ISMS controls be in place before being able to get an audit? IN other words, some of these policies will be new and we are just creating and implementing them as we go through the process of trying to get certified. Do certification boards need to see these policies in place for a specified period of time first?
Assign topic to the user
Expert
Dejan Kosutic
May 12, 2016
Answer:
This is different from one certification body to the other - some require you to have ISMS in full operation for at least 3 months, while others do not have such a criteria. The best would be if you ask for proposals from couple of certification bodies, and ask them this specific question.
These articles may also help you:
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
Comment as guest or Sign in
May 12, 2016
May 12, 2016
May 12, 2016