Candidate organisation is visited by an IASME Certification Body who verifies compliance with the standard and, if appropriate, issues certification. It offers a similar level of assurance to the internationally recognised ISO 27001 standard but is simpler and often cheaper for small and medium-sized organisation to implement.
An onsite visit will provide for more scope in terms of analyzing the client’s security practices and configurations. The audit can be scheduled as it involves interviews with members of staff and a review of documentation and system configuration. The assessor may also wish to visit branch offices or other locations in order to verify that good security practice is maintained across the organisation as a whole. Once the audit has been completed, the Certification Body will provide you with a written report of their findings and a recommendation of a pass or fail, which will then be ratified by IASME.