Phase 7: Recertification
Processes to Undertake
Preparation for Recertification Audit
Objective
Prepare your organization and ISMS for the comprehensive recertification audit.
Activities
- Review Previous Audit Findings: Examine the results and corrective actions from previous audits, including surveillance audits, to ensure that all identified issues have been addressed.
- Update ISMS Documentation: Ensure that all policies, procedures, and records are current and accurately reflect any changes made since the last certification.
- Conduct Internal Review: Perform a thorough internal review to assess the current state of your ISMS and identify any potential areas of improvement or non-conformance.
Conducting the Recertification Audit
Objective
Evaluate whether your ISMS continues to meet ISO 27001 requirements and remains effective.
Activities
On-Site Audit: The certification body performs a detailed on-site audit, which includes:
- Documentation Review: Assess the current ISMS documentation to verify compliance with ISO 27001 standards.
- Interviews: Engage with key personnel to confirm that policies and procedures are being implemented effectively.
- Observations: Observe operational processes and controls to ensure they are functioning as intended and managing information security risks effectively.
- Review of Changes: Evaluate how well recent changes or improvements have been integrated into the ISMS and their impact on overall effectiveness.
- Evaluation of Compliance: Assess the ongoing compliance of the ISMS with ISO 27001 requirements and determine if it continues to meet the necessary standards.
Identification of Non-Conformities and Areas for Improvement
Objective
Identify any non-conformities or areas where the ISMS may need further improvement.
Activities
- Document Findings: Record any deviations from ISO 27001 standards, including issues related to control implementation or procedural adherence.
- Assess Impact: Evaluate the significance of identified non-conformities and their potential impact on the effectiveness of the ISMS.
Reporting and Certification Decision
Objective
Provide a detailed report on audit findings and make a decision regarding the renewal of certification.
Activities
- Prepare Recertification Audit Report: Document the findings of the audit, including non-conformities, observations, and recommendations for further improvement.
- Decision on Certification: Based on the audit results, determine whether to renew the ISO 27001 certification or whether additional corrective actions are required before renewal can be granted.
- Communicate Results: Share the audit report and certification decision with relevant stakeholders.
Implementation of Corrective Actions
Objective
Address any non-conformities identified during the recertification audit.
Activities
- Develop and Implement Corrective Actions: Create a plan to address any identified issues, including specific actions, responsibilities, and timelines.
- Monitor Progress: Track the implementation of corrective actions and ensure that they effectively resolve identified issues.

Deliverables

Recertification Audit Report
A comprehensive report detailing the findings from the recertification audit, including non-conformities, observations, and recommendations for improvement.
Corrective Action Plan
A structured plan to address any non-conformities identified during the audit, including actions to be taken, responsibilities, and deadlines.
Certification Renewal
Confirmation of the renewal of ISO 27001 certification based on the audit results and successful implementation of any corrective actions.
Outcome
The Recertification phase ensures that your ISMS continues to comply with ISO 27001 standards and remains effective in managing information security risks. By undergoing a comprehensive audit, your organization demonstrates its ongoing commitment to information security and its ability to adapt to evolving security challenges. Successful completion of the recertification audit results in the renewal of your ISO 27001 certification, reinforcing your organization's dedication to maintaining high standards of information security management.
Get Started With NDB Today
- Results to get your company ISO compliant
- Expert audit guidance through each phase
- High compliance and audit success rate