Cyber Risk Management + Compliance Services

ISO 27001 Certification Services

Secure an ISO 27001 certification with Smith + Howard’s ANAB-accredited team

Demonstrate the sophistication of your Information Security Management System (ISMS) with an ISO 27001 certification: the world’s gold standard in managing and protecting sensitive information. The certification signals to the worldwide community an organization has implemented an ISMS process that effectively identifies material risks confronting digital information and has a comprehensive suite of controls aimed at addressing those risks.


The ISO 27001 Certification Process

Growing your business demands a diligent approach to data security.

Kick off the process of obtaining an ISO 27001 certification today with Smith + Howard’s Cyber Risk Management + Compliance Security team.

Stage 1 Audit:
Gap Analysis + Documentation Review

Smith + Howard’s Cyber Risk Management + Compliance Security team conducts a preliminary audit of your organization’s current ISMS and reviews all documentation, including existing policies, procedures, and risk assessments.

This process identifies security gaps that affect your organization’s ability to secure a certification and outlines steps to remedy these.

Stage 2 Audit: Certification Audit

This stage examines whether your organization is in conformity with ISO 27001 standards through further documentation review, employee interviews, and observations of key processes that determine the effectiveness of your organization’s ISMS.

If your existing security program and internal controls satisfy ISO 27001 standards, Smith + Howard will award your organization an ISO 27001 Certification, valid for three years.

Surveillance Audit

To maintain your ISO 27001 certification, your organization must complete a surveillance audit in both years two and three of your certification period.

During this process, our auditors will examine documentation, processes, and procedures to ensure your organization’s ISMS remains in compliance with the original certification and is subject to regular improvement.

Recertification Audit

After three years, your organization must undergo a recertification audit to maintain its ISO 27001 certification.

The recertification audit process features a comprehensive reassessment of your ISMS to determine whether your information security frameworks still satisfy ISO 27001 standards.

Smith + Howard

Your ISO 27001 Certifying Body

At Smith + Howard, we take a transparent, service-driven approach to the ISO 27001 certification process. Clear communication, technical expertise, and responsive service are fundamental to the way we serve our clients.

As one of a select few public accounting firms accredited by ANAB as an ISO 27001 certification body, we offer an independent process backed by over 50 years of experience serving leading businesses across multiple industries.

To learn more about Smith + Howard’s ISO standard and certification process, download our guide here. Smith + Howard’s accreditation certificate can be accessed here.

Abstract data background

Cyber Risk Management + Compliance Team

Oliver Villacorta
Senior Manager
Smith + Howard Advisory LLC

If you are not learning and improving, you are going backwards. Nothing can stay stagnant in life and developing myself into a better professional through self-development in my areas of expertise and leadership is of the utmost importance to me.

Marvin H. Willis
Smith + Howard PC
Smith + Howard Advisory LLC

Clients would be the core value that drives me and my group. I am constantly looking for new service lines to drive our growth within the Accounting and Advisory practice side of the firm. Knowing many of our services are non-recurring, I have to continue to focus on keeping the sales pipeline full to allow for continued year over year growth.

Who We Help

Securing an ISO 27001 certification is an important step for every organization that handles sensitive information including personal data, financial information, healthcare records, and intellectual property.

Our clients cover a wide range of industries. Among them, include:

  • Healthcare
  • Professional Services
  • Insurance
  • And More
modern mint green building with fire escape stairs

Explore our other Cyber Risk Management + Compliance Services

Cyber Risk Management + Compliance Services

  • At Smith + Howard, our Cyber Risk Management + Compliance Security Group provides a variety of security solutions.
  • Learn More

Cyber Risk Assessments

  • One of the biggest impediments to understanding a business’s cyber risks is simply not knowing where to start. Let us help with that.
  • Learn More

ANAB: ANSI National Accreditation Board
ANSI: American National Standards Institute</3m>

An attestation from a full-service CPA firm offers your organization, as well as your clients and business partners, the highest level of assurance that your ISMS approach has been examined critically and independently. As an accredited certification body providing ISO 27001 audits and certifications, we cannot provide you with management consulting, technology, implementation, or managed services to ensure impartiality (although certain tax work does not pose a conflict of interest). As an additional benefit, our ISO 27001 recommendations will serve as a foundation that helps your organization avoid potentially substantial non-compliance fines related to other data privacy laws and regulations, such as SOC 2 and HIPAA.

Contact Us

Contact us to learn more about how our cyber risk management + compliance services can help you.