ISO 27001 Certification Process

Four Reasons Clients Choose Aprio for ISO 27001 Certification

#1 in the Southeast – Aprio is the first privately-held firm in the Southeast to receive an accredited ISO 27001 Certifying Body designation. As a CPA firm, Aprio delivers independent and objective attestation reporting to provide the highest level of assurance and peace of mind.

More efficient, effective and easier – Simply put, Aprio makes effective, sustainable information risk management and reporting easier to achieve. Aprio’s clients especially appreciate our pragmatism and efficient ISO 27001 Certification processes.

Focused on risk management – Aprio’s focus on information risk management enables our clients to pivot from “check box” ISO 27001 Certification, audit and compliance, to real business risk management, security awareness and organizational adoption.

Customer satisfaction and loyalty – Our professionalism, integrity and risk-based approach build trust and create lasting relationships. Clients take us with them when they change companies.

The ISO 27001 Certification Process by Aprio

The ISO 27001 certification is the cornerstone for your organization’s information security program. The ISO 27001 framework helps your organization effectively respond to information security risks, compliance and regulatory requirements.

A dedicated Aprio team guides you through the process, clearly communicating expectations and coordinating project planning actions. The following activities are performed as part of the ISO 27001 Information Security Management Systems (ISMS) certification. To learn more about the ISO 27001 Standard and Certification Process contact Dan Schroeder, CPA, CISA, CRISC, CIPP/IT, PCI-QSA, Partner-in-Charge, Information Assurance Services.

PRE-ASSESSMENT


CERTIFICATION AUDIT

The initial certification is conducted to evaluate the client’s Management System documentation and the implementation and monitoring of the client’s ISMS. The audit is conducted in two stages.

Stage 1 Audit

Includes an audit of management’s system documentation and an evaluation of the client’s location(s) in preparation for the Stage 2 audit. The client’s understanding of the standard, including the scope of the audit and resources, is also evaluated during this stage.

Stage 2 Audit

The second stage of the initial certification review includes detailed testing to determine whether the client has effectively implemented and is consistently monitoring its Management System in accordance with ISO 27001. This stage is performed onsite at the client’s location(s). The evidence gathered during the Stage 1 and Stage 2 audits determines the audit conclusions and the issuance of the initial ISO 27001 certification. The initial certificate issued is valid for three years from the issuance date.

SURVEILLANCE AUDIT

Aprio also performs onsite Surveillance Audits at the client’s location(s). These audits are required to ensure that the client continues to conform to the requirements of the standards to which the initial certification is granted. Surveillance Audits are performed at least once a year.

To learn more about the ISO 27001 Standard and Certification Process, view our service overview

Get ISO 27001 Certified with Aprio

ISO 27001 certification demonstrates the maturity of your company’s information security management systems, and tells your customers, stakeholders and trading partners that your ISMS conforms to the highest standards.

To learn more about how Aprio can help your organization achieve ISO 27001 Certification, contact Dan Schroeder, CPA, CISA, CRISC, CIPP/IT, PCI-QSA, Partner-in-Charge, Information Assurance Services.

If you would like to verify the ISO certification of a specific client, we request that you email us at InformationAssurance@aprio.com. Please include the client name, certification number and a telephone contact number where we may reach you.

To view our accreditation certificate, click here.

To file a confidential complaint or appeal, please send an email to Jeff Grosoff with “ISO 27001 Complaint” or “ISO 27001 Appeal” in the subject line.
