Consilium Labs adheres to strict audit processes that fully comply with ISO/IEC 17021:2015 in conjunction with ISO/IEC 27006:2016. In addition, ISO 19011:2011(E) is used for ongoing guidance purposes.
All audit processes, rules, and limitations stated in the certification agreement or in supporting documentation are derived from the standards above.
Consilium Labs follows the standards’ rules and guidance when determining a scope of an ISMS audit. An ISMS scope can be influenced by a myriad of factors including: the number of physical facilities, complexity of the ISMS, business processes within scope of ISMS, previous audit results, usage of outsourcing and more. Where it might be feasible in some cases to limit a scope for a specific business unit or business process, in other cases it may not be feasible. As such, Consilium Labs does not provide any guarantee on limiting the audit scope nor does it provide any guarantee of a successful audit process for any of its customers.
Consilium Labs will follow the certification guidelines provided by the ISO/IEC 17021:2015 for determining whether a client is in conformity or not. Certificates will be issued for a 36 months period for successful audits only. A surveillance audit will take place at least once a year and in the event of major organizational changes. If a customer is found to be in breach of the certification agreement and/or misusing the ANAB marks, Consilium Labs will revoke its certificate and notify ANAB as applicable.
Consilium Labs provides audit services for ISMS under the ISO/IEC 27001:2013(E) framework.
For any complaints or appeals, please submit the complaint to the following email address: [email protected]