ISO management system certification

Answer: First you have to implement ISO 27001 / ISO 22301 according the steps described in the toolkit you bought. After implementation, you have to look for a certification body to audit your system and issue a certificate in case the system is complaint with standards requirements.

2 - Once I work on completing all the documents in the documentation toolkit what happens then? Do I submit them to Advisera and you submit it to ISO or do I need to submit them to ISO myself?

Answer: During implementation you can submit some of your documents to us for review, so we can evaluate their compliance to the standards and suggest improvements when needed, but it is your organization that has to go through the process to select an certification body and submit your management system to the certification process. We are not authorized to issue certificates, since we are not a certification body.

This article will provide you further explanation about choosing a certif ication body:
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

3 - How long on average does it take to become certified when the documents are submitted?

Answer: The time to go through all the certification process will vary depending on the size and complexity of the management system scope, but generally it takes between one to four months (mostly depending if the organization goes through a pre-certification audit or not).
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/

4 - Will someone from the body come to my company to conduct an assessment?

Answer: The certification process is conducted in two phases: a document review, which not necessarily requires the presence of the certification auditor in the organization, and the main audit, which is performed in the organization to asses the compliance of implemented processes and controls.

5 - Will my company receive certifications?

Answer: If your system is fully complaint with the standard's requirements, you will get the certificate.

6 - Can my company start to use the certifications in marketing or to secure new deals?

Answer: One of the benefits of certified systems is that you can use the certification as a market tool, to demonstrate you can protect information (regarding ISO 27001) / ensure business continuity (regarding ISO 22301). Together with the certification you also will receive from the certification body orientations about how to use the elements such as logos and certification information to promote your business.