ISO certification services

Get the guidance you need to achieve the standard

 

About Grant Thornton Certifications LLC

 

Grant Thornton Certifications is an accredited ISO/IEC 27001 certification body offering ISO/IEC 27001 certification services.

 

We’re a team of experienced professionals dedicated to helping organizations achieve and maintain ISO certification. ISO standards are globally recognized and provide a framework for a range of activities.

 

Our mission is to provide the tools and guidance necessary to assess conformance of your organization's management systems with these standards.

 
 
 

Commitment to Impartiality

 

We are committed to maintaining impartiality in our certification activities with clients and prospective clients. As an accredited certification body, this commitment is rooted in who we are and our obligation to uphold the integrity and credibility of our certifications to those users who rely on them.

 

Grant Thornton Certifications has established procedures for acceptance and continuance of client relationships and engagements to help both our people, and our firm maintain independence and identify and manage risks that could impair impartiality. Grant Thornton Certifications does not provide consultancy services.

 

Grant Thornton Certifications conforms to the requirements outlined within the current ISO/IEC 17021-1 standard to provide confidence in its delivery of audit services and in its certification decisions. Certification decisions are made by an independent personnel who safeguard impartiality and independence when making decisions.

 

These decisions are based on objective evidence of conformance to relevant ISO/IEC standards and are not improperly influenced by other interests or parties.

 
 

ISO/IEC 27001 Certification Process

 

Certification lifecycle

 

As part of pre-certification activities, we will conduct a client evaluation and engagement acceptance review. As part of this process, you will submit an application that includes information over the ISMS scope and boundaries of the system to determine audit timing and resourcing needs. This includes information about the approximate number of people, infrastructure, software components, key activities and data, and locations (physical and virtual) of the ISMS. A Statement of Applicability and other ISMS scoping documentation, if available, are helpful.
Initial certification audits include two stages. Stage 1 is an evaluation of the management system and documentation with primary focus on the design of the system. Stage 1 also helps with planning for stage 2. The Stage 2 audit evaluates the implementation and effectiveness of the management system, including the in-scope Annex A controls. This stage is performed at the client location(s) whether physically or via remote means.  Grant Thornton Certifications will then determine if it will issue certification to the client.
The initial certificate issued is valid for three years from the issuance date. At least annually, surveillance audits are conducted to determine if the certified organization maintained its compliance to the standard. These audits include limited testing and an onsite review to determine impact of any significant changes since the original certification.
Before the certificate expires, arrangements for recertification is planned. Recertification activities include a full audit of the ISMS.
If during the 3-year certification cycle there are changes in scope of the certification (i.e., reduction or expansion) or changes to requirements, this will be discussed with the Grant Thornton Certifications team.
 
 

Appeals

 

Clients can appeal a decision made by Grant Thornton Certifications for any reason, including incompetent or prejudice assessment results, along with any disagreements in terms of certification audit findings, classifications, deadlines, and more. If appealing, be prepared to provide relevant facts or data for consideration.

 

The appeal process can begin by utilizing the “contact us” function, sending an email, or verbally communicating your desire to appeal to the Grant Thronton Certifications management team directly. Our management team will need the following information to assess the nature of the appeal:

  • Name of appellant
  • Appellant contact information
  • Application, audit, and certification decision subject to the appeal
  • Appeal description

 

Once a decision has been made regarding the appeal, no counterclaims can be made by either party to change the decision unless additional supporting documentation is provided. Grant Thornton Certifications will consider the results of historical cases when similar appeals are received. If an appeal is successful and a certification is insured or reinstated, claims cannot be made against Grant Thornton Certifications for reimbursement of costs associated with the withholding, suspension, or withdrawal notification.

 

 

Complaints

 

Any affected user can submit a formal complaint via the “contact us” function or send your complaint in written form via mail, email, or through verbal communication with the management team. Grant Thornton Certifications will review all information during the development of an initial complaint case regardless of its current certification status. Our management team will serve as the authority on all incoming complaints and spearhead the overall process, removing any individuals within the audit team. 

 

If a certified client is the subject of a complaint, a member of the Grant Thornton Certifications management team will serve as a representative, communicating actions within an appropriate timeframe and maintaining integrity across any other ongoing investigations. 

 

Should complaint information be determined insufficient, a management team representative will follow up to retrieve additional necessary information or clarification. 

 

If a complaint results in the modification of a decision, a member of the Grant Thornton Certifications management team may feel the need to publicize this information. In this extenuating circumstance, the certification body will ask for input from the client and complainant prior to publicizing, ensuring confidentiality and compliance with local laws governing public disclosure of events. 

 

Once a decision has been made regarding the complaint, no counterclaims can be made by either party to change the decision unless additional supporting documentation is provided. Grant Thronton Certifications will consider the results of historical cases when similar appeals are received.

 

 

Confidentiality

 

Except as required in ISO/IEC 17021 and IAF MD 28, information about a particular certified client or individual shall not be disclosed to a third party without the written consent of the certified client or individual concerned.

  1. Grant Thornton Certifications is responsible for the management of all information obtained or created during the performance of certification activities, including committees and external bodies or individuals acting on its behalf.
  2. Grant Thornton Certifications shall inform the client, in advance, of the information it intends to place in the public domain. All other information, except for information that is made publicly accessible by the client, shall be considered confidential.
  3. Information about a particular certified client or individual shall not be disclosed to a third party without the written consent of the certified client or individual concerned.
  4. When Grant Thornton Certifications is required by law or authorized by contractual arrangements to release confidential information, the client or individual concerned shall, unless prohibited by law, be notified of the information provided.
  5. Information about the client from sources other than the client (e.g. complainant, regulators) shall be treated as confidential, consistent with the certification body’s policy.
  6. Personnel, including any committee members, contractors, personnel of external bodies or individuals acting on the certification body’s behalf, shall keep confidential all information obtained or created during the performance of the certification body’s activities except as required by law.

 

Suspension Policy 

 

If a client fails to maintain compliance with certification conditions, Grant Thornton Certifications reserves the right to suspend certification. During a suspension period, certification is invalid, and these periods are reflected in the status field within our Client Directory and the IAF Cert Search Database as required by IAF MD 28.

 

 

Use of Certification Marks

 

Grant Thornton Certifications is an accredited certification body, and for that we have developed a trademarked certification mark. Rules for the use of the Grant Thornton Certifications name and logo are documented within the terms and conditions section of our client agreement, and within documentation given to clients upon successful certification. We closely monitor the use of our name and logo to ensure compliance with standards governing us as a certification body. Complaints against Grant Thornton Certifications or our clients are not made public unless required by law. Certified clients may use our certification mark subject to the following conditions:

  1. 1. The certification mark may be used on correspondence, advertising and promotional material in conjunction with the certified client’s name, and shall not be used in connection with services, activities, or locations not covered by the scope of certification;
  2. The certification mark shall not be used on a product nor product packaging nor in any other way that may be interpreted as denoting product conformity;
  3. The certification mark shall not be altered, including both style and colors;
  4. Upon termination of certification, the certified client shall immediately discontinue use of the mark. Use of the marks is not to be reinitiated unless certification is fully reinstated.

 

Note: The ISO logo is a registered trademark and use of the ISO logo is not allowed by anyone outside of ISO. As owner, ISO has control of the ISO mark and name.

 

 

Certificate Directory

 

Grant Thornton Certifications maintains a list of ISO certified clients. To request certification information for a specific entity, please reach out using the “contact us” function below. 

 

Additionally, certification bodies are required to report certification status to the IAF Certsearch Database (iafcertsearch.org) monthly per IAF MD 28. Certifications can be independently verified via the database.

 
 

Have a question? We’re ready to answer it.

 

Tell us how we can help

 

 

Â