August 6, 2019

Last Updated on January 13, 2024

This short post is the seventh in a series that explains in straightforward terms the process we follow to build an ISO 27001 certifiable Information Security Management System (ISMS). You can access our entire proven process here.
We hope you find these bite-sized posts useful for understanding how ISO 27001 certification is achieved, and what it could look like for your organization. You may want to read them in order, starting with Step 1. Enjoy!
To achieve your initial ISO 27001 certification, the operation of your ISMS is formally evaluated and certified by an ISO 27001 Registrar in an independent “Certification Audit.”
Stage 1 of the audit is different from what you might expect, in that it focuses exclusively on the design and operation of ISMS clauses 4 through 10 in the ISO 27001 standard. For that reason, making sure you are optimally prepared and/or supported by an experienced ISO 27001 implementer can go a long way towards a successful Stage 1 outcome.


After successful completion of Stage 1, the auditor will return several weeks later to conduct Stage 2 of your certification audit. This stage concentrates on the design and operation of controls as outlined in ISO 27001’s Annex A. Understanding the external audit program, its relationship to your risk assessment, and the auditor’s background are all keys to a smooth Stage 2 audit and subsequent certification of your ISMS.
Have questions about ISO 27001 certification or the best way to achieve your information security goals? Contact Pivot Point Security—we specialize in advising organizations on how to manage information security risk.

Access All ISO 27001 Proven Process Step Posts Here:

  1. Understand Your Scope
  2. Understand Your InfoSec Controls
  3. Identify and Analyze Information Related Risk
  4. Build a Risk Treatment Plan
  5. Execute the Risk Treatment Plan
  6. Conduct an Internal Audit
  7. Certify Your ISMS
  8. Maintenance, Continuous Improvement and Recertification

Also, here is our ISO 27001 Proven Process PDF

ISO 27001 Recipe & Ingredients for Certification eBrief

Discover what you need to achieve ISO 27001 certification! This eBrief gives you a quick, easily digestible introduction to the ISO 27001 standard and the process of becoming ISO 27001 certified.