Step by step towards certifications
The steps to your certification
Globally recognized certifications in one place.
1. INFORMATION
An initial interview with CIS furnishes details about the certification process.
This is followed by registration and project planning.
2. ANALYSIS
Evaluation of the individual requirements and assessment of existing measures acc. to ISO 27001 and/or ISO 20000 within the company. CIS as an independant Certification Body is not involved.
3. IMPLEMENTATION
Establishing measures according to the requirements placed by the specific standard. CIS as an independant Certification Body is not involved.
4. CIS-STAGE-REVIEW (voluntary preliminary review)
Upon request, CIS will review the usefulness and efficiency of the implemented elements in the course of the project.
5. CIS-SYSTEM-&-RISK-REVIEW (preliminary review)
CIS reviews interpretation of the requirements placed by the standard as well as the documentation. Deficiencies and opportunities for improvement will be laid down in a short report. This preliminary review provides a basis for the certification audit.
6. CIS-CERTIFICATION-AUDIT
The CIS Auditor reviews the managementsystem by making multiple samples on all levels of the organization. The audit report shows opportunities for improvement.
7. CIS-LICENCE
By obtaining the “Certificate Issuance & Right to Use Licence”, you obtain the CIS Certificate, which makes the quality of the ISMS and/or ITSMS visible even to your customers.
8. CIS-SURVEILLANCE-AUDIT
The Surveillance Audit, which is conducted once a year, reviews effectiveness of the overall managementsystem as well as continual improvement.
9. CIS-RECERTIFICATION-AUDIT
After 3 years, the Certificate, which has expired, can be renewed.
Certification process for systems
This document describes the process of a certification for the Standards ISO/IEC 20000, ISO/IEC 22301, ISO/IEC 27001 including ISO 27017/ISO 27018/ISO 27019/ISO 27701, ISO/IEC 62443-2-1 and assessment acc. to EnWG §11 1a and EnWG §11 1b in detail.
Integrated Systems & synergies
- Simplified handling, clarity and transparency
- Joint audits for various systems relieve upper management
- Efficient management reviews for integrated management systems
- Joint documentation covers all management and business processes
- Cost and time savings
STAGE REVIEW
Stage Reviews illustrate the state of an implemented management system
On what level is the implemented management system, and which important aspects can be improved? For companies that are in a certification process acc. to ISO/IEC 27001 or ISO/IEC 20000, a Stage Review is an important milestone on the way. But also in general this powerful tool furnishes excellent benchmarking for the quality of a management system with its policies, processes, performance indicators and measures. As a voluntary preliminary review the CIS Stage Review gives information on the status of a management system and shows strong and weak points as well as opportunities for improvement in detail. For no matter whether there are too few or too many measures, this will be unprofitable. A Stage Review will be conducted by independent CIS Auditors and therefore is fit to enable objective project progress control. In order to make an analysis of the actual state, the specific risks, which depend on the company size and sector, the implemented processes as well as organization measures will be evaluated and compared to the requirements placed by ISO 27001 or ISO 20000. The result will be an audit report, which will assess strong and weak points as well as the concrete opportunities for improvement.
A Stage Review includes the following operating steps:
- Audit planning: guarantees economically efficient handling
- Audit procedure: evaluation of risks and strong or weak points within the company
- Audit report: detailed report with a strength/weakness analysis and opportunities for improvement