An initial certification requires the following steps to be completed:
- An intake interview to explain the process and determine the scope. During this meeting we will look together at what your goal is with the certification, and whether the possible certification is in line with your goal and the standards and guidelines;
- Together with us, you draw up the Statement of Applicability (SoA) specifying the measures which are relevant to you, and why;
- You have an internal audit conducted;
- We perform the pre-audit as a GAP analysis. A Gap is a major or a minor nonconformity;
- You mitigate the identified GAPs, with the aim of eliminating all major nonconformities. If minor nonconformities remain open, improvement plans must be drawn up;
- We perform the certification audit.
Normally, a certificate is valid for three years and must be checked twice through an annual surveillance audit.
For NEN 7510 we have a license agreement with NEN. Pending our current accreditation application to the Dutch Accreditation Council, the certificate for NEN 7510 is valid for one year. This may be extended twice by one year via an annual surveillance audit.
After three years from the initial certification, the first recertification takes place. Subsequently, recertification is required after every three years.
The standards used
Noordbeek Certification certifies against ISO 27001 and NEN 7510. Noordbeek Certification itself uses NEN-ISO/IEC 27006:2015 ‘Requirements for bodies providing audit and certification of information security management systems’, ISO/IEC 17021:2015 ‘Conformity assessment - Requirements for bodies providing audit and certification of management systems’ and NCS 7510:2018 ‘Conformity assessment - Requirements for institutions that perform audits for the certification of information security management systems in the healthcare sector’ for the design of its own assessment process and quality system.
The fee for certification
The number of audit days for the initial certification, the surveillance audit and recertification depends on the number of full-time employees in your organization, the complexity of your automation and work processes, etc. We use the tables in ISO 27006 and NCS 7510 for this.
We follow the above standards for expanding or narrowing the scope of certification, or if you decide to switch from another Certification Body to us.
Decisions about certificates are taken by our Certification Committee. This concerns, among other things:
- Certification (of the client following an initial audit);
- Renewal (of the certificate following a recertification audit);
- Refusal (of certification);
- Approve scope (following a request from a certified customer to expand or reduce the scope of certification);
- Withdrawal (of a certificate);
- Suspension (of a certificate);
- Recovery (of a certificate after suspension).
Appeal against a conformity assessment
If you disagree with a decision of our Certification Committee, you can appeal against it. The page ‘Complaints and Appeal Procedure’ contains a form to submit a request for appeal.
To successfully complete a certification process, your organization must:
- Meet certification requirements;
- Make all necessary arrangements to conduct the audits, including facilities for documentation review and access to all processes and areas, files and personnel for initial certification, monitoring, recertification and complaint resolution;
- Make arrangements, where appropriate, to allow the presence of observers (e.g. accreditation assessors or trainee auditors).
If a certificate has been awarded, the following rules apply in accordance with the standards and guidelines:
- Noordbeek Certification will inform you if the requirements for certification change, or if a person or organization submits a complaint related to a certificate that has been awarded to your organization;
- Your organization informs Noordbeek Certification about changes in the management system that relate to an awarded certificate. These include a change in the ownership of the organization, changes in the management structure, an adjustment of the scope, a change of address, etc.
See also the General Terms and Conditions of Noordbeek Certification on this website.