Software
Solutions
Clients
- Case Studies
Learn QHSE
Blog

QHSE Compliance Software Solutions

Mango can be used to control and maintain all aspects of an organisation's QHSE compliance requirements.

So whatever your needs - be they Health & Safety, Quality, Environmental Management, Food Safety - or all four - Mango is the answer.

Quality Management - ISO 9001
Health & Safety - ISO 45001
Environmental - ISO 14001
Integrated QHSE
Food Safety - ISO 22000
Information Security - ISO 27001
Business Continuity - ISO 22301

QHSE Compliance Software

Mango can be used to control and maintain all aspects of an organisation's QHSE compliance requirements.

So whatever your needs - be they Health & Safety, Quality, Environmental Management, Food Safety - or all four - Mango is the answer.

Accidents & Incidents
App
Assessment
Audits & Inspections
Calendar
Charts
Compliance
Dashboard
Document Management
eLearning
Environmental Management
Event Management
Food Safety/Incident
Human Resources
Improvements
Maintenance
Management of Change
Plant & Equipment
Pre-qualification
Risk Management
Security Incident
Suppliers

QHSE Learning Centre

Broaden your QHSE knowledge with resources for all skill levels.

Whether you need the latest advanced tactics, a refresher on the basics, or to start from scratch, this is your home for QHSE knowledge.

Quality Management
Integrated QHSE
Health and Safety
Food Safety
Environmental
Information Security

QHSE Clients

Watch and listen to some Mango clients. They are just like you. Wrestling with QHSE compliance. They tell stories of before and after using Mango. They tell it like it is.

Agriculture and fishing
Construction
Food
Health Care
Manufacturing
Retail
Services
Tourism
Transport And Logistics

ISO 27001 Information Security Management Standard - Certification Step 1

Posted by Craig Thornton

Part 38 - Getting Certified to ISO 27001 – Selecting Your Certification Body

So you have created your information security system management system (ISMS). Now how do you get it certified to ISO 27001?

The first thing you’ll do is select a Certification Body (CB) to carry out your audit.

Certification Body

Here are our top tips to choose your Certification Body:

1. Are they accredited to conduct your audit?

You’ll need to find out if they are accredited by a reputable authority. It pays to only deal with CBs that are accredited by national Accreditation Bodies (AB).

For example,

here in New Zealand (and Australia) the AB is JASANZ.
In the US it’s ANAB, and
in the UK it’s UKAS.
In Germany it’s DAkkS.

So your first question to your CB is “are you accredited?” If not, then move on.

2. Ask for their industry experience, background, and expertise.

It is crucial that they understand what you do and how you do it. If they haven’t got experience in your exact industry, kick them to the curb and find another.

3. Ask them if they can work in your scope.

Make sure they have the technical ability to carry out your audit.

Request evidence that they can work in your scope. See the resumes of the proposed audit team.

4. See references from the CB.

Ask the CB for any references from organisations that are in your industry and have used them in the past.

Ask if you can talk to these reference sites too.

5. See if they can meet your timeframe for certification.

Some CBs are super busy so you need to check with them to ensure that you can book their auditors to do your audit when you want them to.

6. Check the fee schedule.

Make sure the fee schedule is discussed and agreed upfront. There should be no surprises when the invoice arrives. CBs will withhold certificates if invoices haven’t been paid.

7. Is the CB keen to establish a long term relationship?

It is good business practise to build a long term relationship with your CB to ensure that they continue to provide a good audit experience for you.

Here at Mango we decided on DQS (www.dqsausnz.com.au) based out of Melbourne in Australia.

DQS ticked all the boxes as listed above. In terms of responsiveness to our requests they really stood out, whether that was by email or by phone.

Takeaways

Check that they are accredited.
Check their industry experience, background, and expertise.
Check that they work in your scope.
Get client recommendations.
Can they meet your time frame for certification?
Check their costings.
Check if they are keen to establish a long term relationship.

View previous blogs in this series "ISO 27001 Information Security Management Standard":

Part 1 - Reasons why you need to meet this standard

Part 2 - Principle 1 - Analysing the Protection of Your Information and then Applying Controls

Part 3 - Principle 2 - Awareness of the Need for Information Security

Part 4 - Principle 3 - Assignment of Responsibility for Information Security

Part 5 - Principle 4 - Incorporating Management Commitment and the Interests of Stakeholders

Part 6 - Principle 5 - Enhancing Societal Values

Part 7 - Principle 6 - Risk assessments determining appropriate controls to reach acceptable levels of risk

Part 8 - Principle 7 - Security incorporated as an essential element of information networks and systems

Part 9 - Principle 8 - Active prevention and detection of information security incidents

Part 10 - Principle 9 - Ensuring a comprehensive approach to information security management

Part 11 - Principle 10 - Continual reassessment of information security and making of modifications as appropriate

Part 12 - ISO 27001 Information Security Management Standard: Clauses 0, 0.1, 0.2, 1, 2 and 3

Part 13 - ISO 27001 Information Security Management Standard: Clauses 4.1, 4.2, 4.3 and 4.4

Part 14 - ISO 27001 Information Security Management Standard: Clause 5.1

Part 15 - ISO 27001 Information Security Management Standard: Clause 5.2

Part 16 - ISO 27001 Information Security Management Standard: Clause 5.3

Part 17 - ISO 27001 Information Security Management Standard: Clause 6.1

Part 18 - ISO 27001 Information Security Management Standard: Clause 6.2

Part 19 - ISO 27001 Information Security Management Standard: Clauses 7.1 - 7.4

Part 20 - ISO 27001 Information Security Management Standard: Clause 7.5

Part 21 - ISO 27001 Information Security Management Standard: Clauses 8.1, 8.2, 8.3

Part 22 - ISO 27001 Information Security Management Standard: Clauses 9.1, 9.2, 9.3

Part 23 - ISO 27001 Information Security Management Standard: Clauses 10.1, 10.2

Part 24 - ISO 27001 Information Security Management Standard: Clause A5

Part 25 - ISO 27001 Information Security Management Standard: Clause A6

Part 26 - ISO 27001 Information Security Management Standard: Clause A7

Part 27 - ISO 27001 Information Security Management Standard: Clause A8

Part 28 - ISO 27001 Information Security Management Standard: Clause A9

Part 29 - ISO 27001 Information Security Management Standard: Clause A10

Part 30 - ISO 27001 Information Security Management Standard: Clause A11

Part 31 - ISO 27001 Information Security Management Standard: Clause A12

Part 32 - ISO 27001 Information Security Management Standard: Clause A13

Part 33 - ISO 27001 Information Security Management Standard: Clause A14

Part 34 - ISO 27001 Information Security Management Standard: Clause A15

Part 35 - ISO 27001 Information Security Management Standard: Clause A16

Part 36 - ISO 27001 Information Security Management Standard: Clause A17

Part 37 - ISO 27001 Information Security Management Standard: Clause A18

Tags: ISO 27001, information security, ISO 27001 Certification

Subscribe to Email Updates

Posts by Tag

Recent Posts

About Mango

Mango is a popular Compliance Management solution developed by Mango Limited.
Over 100,000 users love how Mango enables them to meet all their compliance obligations with ease. To learn more about Mango just CLICK HERE

Contact Mango

Connect with Mango

Software
Solutions
Clients
Resources
Partners
About
Privacy Policy
Security Policy

Copyright 2024 Mango