Demonstrate the sophistication of your Information Security Management System (ISMS) with an ISO 27001 certification: the world’s gold standard in managing and protecting sensitive information. The certification signals to the worldwide community that an organization has implemented an ISMS process that effectively identifies material risks confronting digital information and has a comprehensive suite of controls aimed at addressing those risks.
Kick off the process of obtaining an ISO 27001 certification today with Smith + Howard’s Cyber Risk Management + Compliance Security team.
Smith + Howard’s Cyber Risk Management + Compliance Security team conducts a preliminary audit of your organization’s current ISMS and reviews all documentation, including existing policies, procedures, and risk assessments.
This process identifies security gaps that affect your organization’s ability to secure a certification and outlines steps to remedy these.
This stage examines whether your organization is in conformity with ISO 27001 standards through further documentation review, employee interviews, and observations of key processes that determine the effectiveness of your organization’s ISMS.
If your existing security program and internal controls satisfy ISO 27001 standards, Smith + Howard will award your organization an ISO 27001 certification, valid for three years.
To maintain your ISO 27001 certification, your organization must complete a surveillance audit in both years two and three of your certification period.
During this process, our auditors will examine documentation, processes, and procedures to ensure your organization’s ISMS remains in compliance with the original certification and is subject to regular improvement.
After three years, your organization must undergo a recertification audit to maintain its ISO 27001 certification.
The recertification audit process features a comprehensive reassessment of your ISMS to determine whether your information security frameworks still satisfy ISO 27001 standards.
At Smith + Howard, we take a transparent, service-driven approach to the ISO 27001 certification process. Clear communication, technical expertise, and responsive service are fundamental to the way we serve our clients.
As one of a select few public accounting firms accredited by ANAB as an ISO 27001 certification body, we offer an independent process backed by over 50 years of experience serving leading businesses across multiple industries.
To learn more about Smith + Howard’s ISO standard and certification process, download our guide here. Smith + Howard’s accreditation certificate can be accessed here.
Clients would be the core value that drives me and my group. I am constantly looking for new service lines to drive our growth within the Accounting and Advisory practice side of the firm. Knowing many of our services are non-recurring, I have to continue to focus on keeping the sales pipeline full to allow for continued year-over-year growth.
Securing an ISO 27001 certification is an essential step for any organization managing sensitive information such as personal data, financial details, healthcare records, and intellectual property. It also provides a solid foundation for compliance with key cybersecurity and data protection regulations, including GDPR, DORA, and NIS2.
Our clients cover a wide range of industries, including:
Smith + Howard is among the select accounting firms in the United States recognized as a WLA Assessment Service Entity (ASE): This distinction from the World Lottery Association (WLA) highlights our deep expertise and unwavering commitment to assisting organizations operating in complex and high-risk environments.
ANAB: ANSI National Accreditation Board
ANSI: American National Standards Institute
An attestation from a full-service CPA firm offers your organization, as well as your clients and business partners, the highest level of assurance that your ISMS approach has been examined critically and independently. As an accredited certification body providing ISO 27001 audits and certifications, we cannot provide you with management consulting, technology, implementation, or managed services to ensure impartiality (although certain tax work does not pose a conflict of interest). As an additional benefit, our ISO 27001 recommendations will serve as a foundation that helps your organization avoid potentially substantial non-compliance fines related to other data privacy laws and regulations, such as SOC 2 and HIPAA.
Contact us to learn more about how our cyber risk management + compliance services can help you.