SMI Certification offers its certification service against the internationally renowned standard for Information Security Management System ISO 27001:2013. Our certification system is built on the following processes:
1. APPLICATION PROCESS
Applications may be submitted using the online application below. These applications are reviewed and checked for completeness. We may contact you for further clarifications.
The Stage 1 Audit involves a desk audit of documentation which includes a review of :
the proposed scope of certification
the supporting documentation
the way the system has been implemented
the commitment, objectives and policies of management
the key management elements (internal audits, complaints and management review)
site specific activities
regulatory and legal requirement
and an on-site visit to witness the readiness of the organization for the Stage 2 Audit.
After a stage 1 audit, a report is issued to identify the degree of readiness and give time to the client to improve the management system before the Stage 2 Audit.
The Certification Stage 2 Audit (Initial Certification) involves a full review of the company’s implementation of their Management System. The duration of the audit allows a detailed review of records and documents used to provide evidence that the organisation’s processes are controlled and have predictable outcomes. The outcomes of the processes need to show that they meet customer expectations as well as the objectives and policies set by the organisation’s management.
SMI Certification will issue an audit report at the end of the Stage 2 Audit as well as a recommendation for the outcome of the audit. However, before proceeding to grant certification, the applicant has to analyze any major/minor issues raised and, for each:
identify the cause of the issue,
advise how the issue has to be corrected, and
show what was changed in the management system to eliminate or reduce the risk of the same issue reoccurring
If there are major issues raised, it might be necessary to re-visit the site to ensure satisfactory closure.
When SMI Certification receives a satisfactory response from the applicant, the file is independently reviewed by SMI Certification Board who takes the decision whether or not to award the Certificate.
3. SURVEILLANCE AND RE-CERTIFICATION
At least once a year, SMI Certification visits each certified company and ensures that the management system is being maintained and that it is achieving its expected outcomes. At each visit, part of the management system is reviewed in depth.
There is a certification cycle of three years (as indicated by the expiry date on the certificate) and, before the certificate expires, a more detailed review is undertaken. This re-certification reviews the performance of the whole management system and ensures that every element of the system is performing satisfactorily; the results of the previous audits are taken into account.
The issues raised at the re-certification are handled the same way as at the end of the certification process. When a satisfactory response is received, a certification decision is taken by SMI Certification Board and a new certificate is issued.
Any changes during the 3-year certification cycle are normally reviewed and audited during routine surveillance events. In cases where change leads to the breakdown of the system, SMI Certification reserves the right to suspend or withdraw certification.
4. IMPARTIALITY AND CONFIDENTIALITY
Impartiality and confidentiality are cornerstones of SMI Certification services. SMI Certification guarantees the confidentiality of their certification services and ensure that the service is fully impartial.
5. COMMITMENT TO IMPARTIALITY
SMI Certification is committed to ensuring the impartiality of its certification services and actively manages any threat of actual or perceived conflicts of interest affecting its certification services, its management, staff and auditors and the activities of any associated functions. SMI Certification impartiality is monitored by a dedicated Impartiality Committee set up by the Standards and Metrology Institute so to provide an oversight of SMI Certification activities in particular to the impartiality of its certification services.
Any queries relating to impartiality should be addressed to the Head of SMI Certification. These will be reviewed by the Chairperson of the Impartiality Committee.