ISO Certifications

Audit Services

ISO Certifications

Need Help Determining If ISO Is Right for You?

ISO engagements have become increasingly important for organizations, especially those delivering products and services outside of the continental United States. ISO standards allow for the standardization of requirements and controls, providing customers with confidence that their systems and data are protected. Hancock Askew takes these standards very seriously and aims to continually position itself as the premier provider of quality ISO reports for organizations seeking to deliver peace of mind.

Learn more below about the different types of ISO reports we deliver to determine which report is best for your company:

Year 1 – Initial ISO Certification

  • Stage 1 audit is usually carried out over 1 or 2 days and typically occurs onsite. For organizations with more than 1 location, the audits are usually carried out at your central function location.
  • Stage 2 audit evaluates the implementation and effectiveness of your organization’s management system(s).

Year 2 – Surveillance

  • The first of the Surveillance Audits is still checking that the documented processes comply with the Standard, but will only look at several mandatory processes and a selection of the remaining processes.

Year 3 – Surveillance

  • The final year in the three-year cycle will consist of another Surveillance Audit, covering several mandatory processes and the remaining processes not covered in the previous year.

Below are key dates for the transition period as defined by the International Accreditation Forum (IAF) August 2022 guidance.

4/30/2023

Accreditation bodies/auditors must be ready to assess to ISO 27001:2022.

10/31/2023

Organizations seeking initial ISO 27001 certification will be required to adopt the new standard.

4/30/2024

All existing ISO/IEC 27001:2013 Certified Clients shall be audited (surveillance or recertification audits) against ISO/IEC 27001:2022.

10/31/2025

Organizations with an active ISO 27001 certification will be required to transition to the new standard. All ISO 27001:2013 certificates issued after October 31st, 2022, will expire on October 31st, 2025.

ISO Services

Relevant Insights

Leadership Team

IT Risk Assurance & Advisory Partner