ISO Certifications

Need Help Determining If ISO Is Right for You?

We can help with your specialized needs

ISO Engagements have become increasingly important for any organizations, specifically for those delivering products and services outside of the continental United States. ISO has allowed for a standardization of requirements and controls to be implemented throughout organizations which provides customers with a sense of calm that the systems and data being utilized are protected. HAC takes these standards very seriously and aims to continually position itself as the premier provider of quality ISO reports for organizations who aim to deliver peace of mind.

Learn more below about the different types of ISO reports we deliver to determine which report is best for your company:

  • ISO 27001:2022
    Provides a framework and the necessary requirements of the design, implementation, and continuous monitoring of an Information Security Management System (ISMS). Have you considered your organization’s ability to sufficiently protect your systems and data?
  • ISO 27701:2019
    Provides organizations guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS).


Request a Quote



Year 1 – Initial ISO Certification

  • Stage 1 audit is usually carried out over 1 or 2 days and typically occurs onsite. For organizations with more than 1 location, the audits are usually carried out at your central function location.
  • Stage 2 audit evaluates the implementation and effectiveness of your organization’s management system(s).

Year 2 – Surveillance

  • The first of the Surveillance Audits is still checking that the documented processes comply with the Standard, but will only look at several mandatory processes and a selection of the remaining processes.

Year 3 – Surveillance

  • The final year in the three-year cycle will consist of another Surveillance Audit, covering several mandatory processes and the remaining processes not covered in the previous year.

Effective Dates and Transition

Below are key dates for the transition period as defined by the International Accreditation Forum (IAF) August 2022 guidance.

4/30/2023 Accreditation bodies/auditors must be ready to assess to ISO 27001:2022.
10/31/2023 Organizations seeking initial ISO 27001 certification will be required to adopt the new standard.
4/30/2024 All existing ISO/IEC 27001:2013 Certified Clients shall be audited (surveillance or recertification audits) against ISO/IEC 27001:2022.
10/31/2025 Organizations with an active ISO 27001 certification will be required to transition to the new standard.  All ISO 27001:2013 certificates issued after October 31st, 2022, will expire on October 31st, 2025.



ISO Impartiality & Inquiries

Our specialists

Nirav Shah, CPA, CIA, CITP

IT Risk Assurance & Advisory Partner


Chesley Whitesides, CPA

Manager, IT Risk Assurance & Advisory


Alex Gothard, CISA

Manager, IT Risk Assurance & Advisory



  • ISO 27001:2013 & 27001:2022
  • ISO 27701:2019

Get in Touch

How can we help? We want to hear from you. Sign up below to get in touch with one of our experts.

Stay up-to-date

Remain informed and connected. Follow us and join our mailing list.