Expert Advice Community

Guest

How long should the ISMS be in place before going for the certification audit

  Quote
Guest
Guest user Created:   May 12, 2016 Last commented:   May 12, 2016

How long should the ISMS be in place before going for the certification audit

How long must these ISMS controls be in place before being able to get an audit? IN other words, some of these policies will be new and we are just creating and implementing them as we go through the process of trying to get certified. Do certification boards need to see these policies in place for a specified period of time first?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic May 12, 2016

Answer:

This is different from one certification body to the other - some require you to have ISMS in full operation for at least 3 months, while others do not have such a criteria. The best would be if you ask for proposals from couple of certification bodies, and ask them this specific question.

These articles may also help you:
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 12, 2016

May 12, 2016