Österreich
Secure Your Business
 

THE CERTIFICATION PROCEDURE


A certification project acc. to ISO/IEC TR 20000-9, a Standard for Cloud Services, builds on a
certified IT Service Management System acc. to ISO 20000-1.

 

metallwolke_Fotolia_Maksim_Kabakou_V3

Service quality and availability of cloud services are made visible to customers by a recognized ISO Certificate. Therefore, the Cloud Standard ISO/IEC TR 20000-9 can be implemented and certified in combination with the Base Standard ISO/IEC 20000-1 for IT Service Management. Thanks to federal accreditation of CIS for ISO/IEC TR 20000-9, certification acc. to this Cloud Standard, which is based on system certification acc. to ISO 20000-1 and is recognized on a

national and international scale, is possible. In this respect, the scope

of ISO/IEC TR 20000-9 within an organization also corresponds to that of an IT Service Management System acc. to ISO 20000-1. CIS issues a Certificate acc. to ISO/IEC TR 20000-9, which is valid on an international scale, as independent evidence of service quality and availability of the cloud services certified. Cloud services can be certified acc. to ISO/IEC TR 20000-9 in the course of the annual Surveillance Audits acc. to ISO 20000-1 or, independently from this, at any other moment. The project process can be broken down into three phases, the implementation phase, the certification phase and the recertification phase.

 

Information: An initial interview with CIS furnishes details about the certification process.
This is followed by registration and project planning.

 

Analysis: Evaluation of the individual requirements and assessment of measures existing within the company. CIS as an independent Certification Body is not involved.

 

Implementation: Establishing measures according to the requirements ISO/IEC TR 20000-9 places on business continuity. CIS as an independent Certification Body is not involved.
__________

 

CIS Stage Review (voluntary preliminary review): Upon request, CIS will, in the course of the project, review the usefulness of the system elements implemented. The audit report provides a strength / weakness profile.

 

CIS System & Risk Review (preliminary review): CIS reviews implementation of the requirements placed by the Standard as well as documentation. Deficiencies and opportunities for improvement will be laid down in a short report. This preliminary review serves as a “general rehearsal” before the Certification Audit.


CIS Certification Audit: The CIS Auditor reviews the IT Service Management System supplemented by cloud aspects by making multiple samples on different levels of the organization. The audit report shows opportunities for improvement.
__________

 

CIS Licence: By obtaining the “Certificate Issuance & Right to Use Licence”, you obtain the CIS Certificate acc. to ISO/IEC TR 20000-9, which makes the high quality level of the cloud services visible to your customers and will be valid for three years.

 

CIS Surveillance Audit: The Surveillance Audit, which is conducted once a year, reviews effectiveness of the overall management system as well as continual improvement.

 

CIS Recertification Audit: After 3 years, the Certificate, which has expired, can be renewed.

 

 
 
CIS - Certification & Information Security Services GmbH T +43 (0)1 532 98 90 office@cis-cert.com

T&C