Step by step towards certifications

The steps to your certification

Globally recognized certifications in one place.


An initial interview with CIS furnishes details about the certification process.
This is followed by registration and project planning.


Evaluation of the individual requirements and assessment of existing measures acc. to ISO 27001 and/or ISO 20000 within the company. CIS as an independant Certification Body is not involved.


Establishing measures according to the requirements placed by the specific standard. CIS as an independant Certification Body is not involved.

4. CIS-STAGE-REVIEW (voluntary preliminary review)

Upon request, CIS will review the usefulness and efficiency of the implemented elements in the course of the project.

5. CIS-SYSTEM-&-RISK-REVIEW (preliminary review)

CIS reviews interpretation of the requirements placed by the standard as well as the documentation. Deficiencies and opportunities for improvement will be laid down in a short report. This preliminary review provides a basis for the certification audit.


The CIS Auditor reviews the managementsystem by making multiple samples on all levels of the organization. The audit report shows opportunities for improvement.


By obtaining the “Certificate Issuance & Right to Use Licence”, you obtain the CIS Certificate, which makes the quality of the ISMS and/or ITSMS visible even to your customers.


The Surveillance Audit, which is conducted once a year, reviews effectiveness of the overall managementsystem as well as continual improvement.


After 3 years, the Certificate, which has expired, can be renewed. 

You receive a wide range of certification services from a single source. CIS Certification & Information Security Services GmbH is accredited by the state in its function as an independent certification company and is thus subject to strict guidelines.

Your customers trust in our certificates.

As a recognized certification body, CIS - Certification & Information Security GmbH is specialized in information security, data protection, cloud computing, IT services, data center as well as business continuity management.

Integrated Systems & synergies

Integrated management system and combined audits
The trend goes towards an integrated management system, which combines information security, IT Service Management, quality and environmental management in one uniform overall system. Superordinate strategy finding and planning processes can be designed significantly more efficiently. Organizations report time and cost savings of far more than 20 percent. In practice the foundation for integrated overall systems is a well implemented ISO 9001 for quality management as the content of this standard has the broadest orientation. In general every standard based on the Annex SL is suitable.
Such a fundamental management system can be extended step by step by further components, such as Information Security (ISMS acc. to ISO 27001), Data protection (PIMS acc. to ISO 27701) or IT Service Management (ITSMS acc. to ISO 20000) and Business Continuity (BCMS acc. to ISO 22301) as well as ISO 9001, ISO 14001 and many more.
Combined audits
Integrated combined audits are useful for the certification of an integrated management system. By combining two or more standards not only the audit efforts can be reduced, but also a broader view of the organization and beneficial starting points for further development can be identified. Efficiency by system integration:
  • Simplified handling, clarity and transparency
  • Joint audits for various systems relieve upper management
  • Efficient management reviews for integrated management systems
  • Joint documentation covers all management and business processes
  • Cost and time savings
Synergies by considering the complete picture
Mature systems can fully benefit of all advantages of the efficient combined audits. Integrated audits are planned carefully in consultation with the auditors in order to discuss existing processes of the various management aspects in detail. Combined audits are interesting as multifunctionally trained auditors have an overview of the overall system, which could not be obtained otherwise, and can point out potential for optimization without any limiting aspects.

 „The Stage Review increases motivation of the team and gives additional incentives. Thus the client will obtain an objective progress report.“

Ing. Johannes Mariel, Federal Computing Centre, Austria 


Stage Reviews illustrate the state of an implemented management system

On what level is the implemented management system, and which important aspects can be improved? For companies that are in a certification process acc. to ISO/IEC 27001 or ISO/IEC 20000, a Stage Review is an important milestone on the way. But also in general this powerful tool furnishes excellent benchmarking for the quality of a management system with its policies, processes, performance indicators and measures. As a voluntary preliminary review the CIS Stage Review gives information on the status of a management system and shows strong and weak points as well as opportunities for improvement in detail. For no matter whether there are too few or too many measures, this will be unprofitable. A Stage Review will be conducted by independent CIS Auditors and therefore is fit to enable objective project progress control. In order to make an analysis of the actual state, the specific risks, which depend on the company size and sector, the implemented processes as well as organization measures will be evaluated and compared to the requirements placed by ISO 27001 or ISO 20000. The result will be an audit report, which will assess strong and weak points as well as the concrete opportunities for improvement.

A Stage Review includes the following operating steps:

  • Audit planning: guarantees economically efficient handling
  • Audit procedure: evaluation of risks and strong or weak points within the company
  • Audit report: detailed report with a strength/weakness analysis and opportunities for improvement

You need further information?

We’ll be happy to help you!

E-Mail us!

+43 1 532 98 90