ISO 27001:2022

What is ISO 27001:2022?

All organizations today have to respond to a rapidly changing and increasingly threatening range of information security risks – risks which can, if unmitigated, lead to severe financial, regulatory and reputation damage for organizations. Information security investment and control decisions should be specifically driven by the outcome of a risk assessment process that identifies risks to specific information assets. We provide clear, practical and comprehensive inspection/auditing on developing a risk management methodology that meets the requirements of ISO27001, the information security management standard that will help achieve corporate risk management objectives.

The Benefits of implementing ISO 27001:2022

Why seek certification to ISO 27001:2022?

How do you start to implement ISO 27001:2022? What is involved?

Certification Process:

Pre Audit

Client interested in obtaining certificate of registration under QMS scheme from CQAL, shall have established a documented quality system in accordance with the requirements of current version of the ISO 27000 standard and the applicable product standards.

CQAL Certification Services reviews the submitted documentation against the requirements of ISO 27000 standard and prepares a report detailing its finding. The deficiencies, if any, will have to be corrected prior to assessment, since this documentation will form a part of assessment criteria during assessment.

Stage – 1 Audit

Stage 1 assessment shall include – Review of quality manual/ procedures, supporting documentation, evaluation of client’s location, assessment of preparedness for stage 2 audit, collecting of information regarding the scope of the management system, statutory and regulatory aspects, legal aspects and risks and processes and locations, preparation of an audit plan for stage 2 audit, evaluation of internal audits and management review performed by the customer.

Stage – 2 Audit

Stage 2 assessment is an on-site assessment which includes

- Evaluation of the implementation, including effectiveness of the client’s management system

- Evidence about conformity to all requirements of the applicable standard or scheme

- Performance monitoring and reviewing against key performance objectives and targets

- Conformance to regulatory and legal aspects relevant to the standard

- Operational control of the client’s processes

- Internal auditing, management review and management responsibility, competence of personnel, performance data, audit findings and conclusions

- Links between the normative requirements, policy, performance objectives and targets


CQAL Certification Services will issue a certificate of registration to the applicant once the corrective action has been accepted. The certificate carries a validity of three years from the date of issue subject to satisfactory findings during surveillances.

The certified clients are committed through signing of certification agreement to comply with the certification body’s requirements.

Surveillance Audit

-  Annual surveillance method – which includes conducting one surveillance audit annually, and performing a Recertification every third year

-  Semi-annual surveillance method – which includes conducting two audits annually and a Recertification every third year

- Implementation or the corrective actions required by the previous audit

- Review of changes in the organization

- Management reviews

- Internal system audits

- Customer complaints

- Corrective and preventive actions

- Scopes/activities that have changed since the last audit

- Customer complaints & appeals received in the Division concerning the organization

- Use of marks (certification logos)


The client’s quality system is re-assessed for the renewal of certificate. All actions related with renewal (including completion of corrective actions) shall be completed before expiry of certificate to ensure continuity of certificate.

Form Downloads

Reach us for:

Are we ready for certification audit? What is the cost of an audit to ISO 27001:2022? When can we get audited? Please Contact us for more information!