Hi, this is my first question here!
Where exactly is it defined that ISO 27001 has a 3-year certificate to include Stage 1 & 2 audits along with annual surveillance reviews until its expiration? I'm still trying to wrap my head around certification bodies. Thank you.
This three-year cycle period was a recommendation from the International Accreditation Forum (IAF) for certification bodies to be compliant with ISO 17021, the ISO standard which defines requirements for certification bodies.
IAF sets common requirements for organizations acting as certification bodies.