An initial certification requires the following steps to be completed:
- An intake interview to explain the process and determine the scope. During this meeting we will look together at what your goal is with the certification, and whether the possible certification is in line with your goal and the standards and guidelines;
- Your organization carries out its own internal audit and management review
- We perform the stage 1 audit to determine whether your organization is ready for a stage 2 certification audit;
- In addition, we investigate whether there are areas of concern that could lead to a deviation during a stage 2 certification audit. These are the GAPs;
- Your organization mitigates the identified GAPs, with the aim of eliminating all major nonconformities. If minor nonconformities remain open, improvement plans must be drawn up;
- We perform the stage 2 certification audit.
Normally, a certificate is valid for three years and must be checked twice through an annual surveillance audit.
For NEN 7510 we have a license agreement with NEN. Pending our current accreditation application to the Dutch Accreditation Council, the certificate for NEN 7510 is valid for one year. This may be extended twice by one year via an annual surveillance audit.
After three years from the initial certification, the first recertification takes place. Subsequently, recertification is required after every three years.
The standards used
Noordbeek Certification certifies against ISO 27001 and NEN 7510. Noordbeek Certification itself uses NEN-ISO / IEC 27006: 2015 ‘Requirements for bodies providing audit and certification of information security management systems’, ISO / IEC 17021: 2015 ‘Conformity assessment - Requirements for bodies providing audit and certification of management systems’ and NCS 7510: 2018 ‘Conformity assessment - Requirements for institutions that perform audits for the certification of information security management systems in the healthcare sector’ for the design of its own assessment process and quality system.
The fee for certification
The number of audit days for the initial certification, the surveillance audit and recertification depends on the number of full-time employees in your organization, the complexity of your automation and work processes, etc. We use the tables in ISO 27006 and NCS 7510 for this.
We follow the above standards for expanding or narrowing the scope of certification, or if you decide to switch from another Certification Body to us.
Decisions about certificates are taken by our Certification Committee. This concerns, among other things:
- Certification (of the client following an initial audit);
- Renewal (of the certificate following a recertification audit);
- Refuse (from certification);
- Approve scope (following a request from a certified customer to expand or reduce the scope of certification);
- Withdrawal (of a certificate);
- Suspension (of a certificate);
- Recovery (of a certificate after suspension).
Appeal against a conformity assessment
If you disagree with a decision of our Certification Committee, you can appeal against it. The page ‘Complaints and Appeal Procedure’ contains a form to submit a request for appeal.
To successfully complete a certification process, your organization must:
- Meet certification requirements;
- Make all necessary arrangements to conduct the audits, including facilities for documentation review and access to all processes and areas, files and personnel for initial certification, monitoring, recertification and complaint resolution;
- Make arrangements, where appropriate, to allow the presence of observers (e.g. accreditation assessors or trainee auditors).
If a certificate has been awarded, the following rules apply in accordance with the standards and guidelines:
- Noordbeek Certification will inform you if the requirements for certification change, or if a person or organization submits a complaint related to a certificate that has been awarded to your organization;
- Your organization informs Noordbeek Certification about changes in the management system that relate to an awarded certificate. These include a change in the ownership of the organization, changes in the management structure, an adjustment of the scope, a change of address, etc.
See also the General Terms and Conditions of Noordbeek Certification on this website.