PECB Processes

How can my company get Certified?

2016-01-31 2017-06-09 PECB Digital Manager

Understanding the Certification Process

ISO/IEC 27001 certification (also known as “registration”) is granted by a third party, such as PECB, upon verifying through an audit that the organization is in compliance with the requirements of the ISO/IEC 27001 standard. This certification is then maintained through scheduled annual surveillance audits by the registrar, with re-certification of the Information Security performed on a triennial basis.

  • Step 1. Pre-Audit (Optional) – It must be done at least 3 months before the Certification Audit
  • Step 2. Audit Plan – The plan for the audit has to be mutually agreed
  • Step 3. Audit Stage 1 & 2 – Non-conformities must be closed at least 3 months after audit conclusions
  • Step 4. Initial Certification – The certificate will be issued within 2 weeks after successful audit closing

Once certification has been obtained, the organization will be subjected to two surveillance audits within 24 months from the initial certification:

  • 1st Surveillance Audit – No longer than 12 months from the initial certification audit
  • 2nd Surveillance Audit – No longer than 12 months from the 1st surveillance audit

For more, please see the document below, Understanding the Certification Process, or visit

If your company is interested in obtaining the ISO/IEC 27001 certification, Apply here.

