EN 
NL 
DE 
It's a common question: what does an initial audit entail? We explain, are you reading along?
Initial audit: the quotation process
The initial certification audit consists of several steps. When you contact us, our sales department will first send you an intake form. This is not meant to make things difficult or cumbersome, but to arrive at an appropriate offer, we need more information from you than just your name and address.
The number of audit hours for certification depends on the size of your organisation (number of FTEs), but we also ask for more information about your ICT. What do you do and, more importantly, what don't you do, and what are you responsible for? You will find these and some other questions in our intake form. Most of the time, the form speaks for itself. If you have any questions about this, you can always contact us. Return the completed form to our sales department. They will then work out the quotation for you and send it to you. If the proposal is approved, we will ask you to sign it. Our planning department will contact you to schedule the initial audit.
The initial certification audit
It consists of two phases. Stage 1 and Stage 2. Together, they constitute the initial certification audit.
Phase 1 of the audit
During this phase 1 audit (also called preliminary audit), you get to know the auditor and he gets to know your organisation. The auditor looks at various documents in your management system, the implementation of the internal audit and whether there is anything else we need to consider during the phase 2 audit. Together with the auditor, the audit plan for phase 2 is also made. Which topics will be covered on which day and who do we need for this? This allows the audit appointments to be scheduled with everyone in a timely manner. At the end of the phase 1 audit, the auditor gives an opinion whether you are/are not ready for the phase 2 audit. Between a phase 1 and phase 2 is normally about 6 weeks. The maximum is 6 months. After that, phase 2 of the initial audit continues.
Phase 2 of the audit
The phase 2 audit is the main part of the certification audit. During this audit, the auditor takes extensive time to assess the implementation and effectiveness of the management system and all control measures.
Several interviews are held, for example the management, the security officer, head of IT, HRM, project leaders, facilities, etc. Who is interviewed on which day and on which subject is already determined during phase 1 in the audit plan. This allows everyone to prepare properly for the certification audit. The auditor will look for how you have translated the standard requirements into your own requirements (that are reflected in policy, procedure, instructions and forms) and then assess whether you are working in accordance with your own requirements.
Final interview and certificate Initial audit
At the end of phase 2, the auditor holds a 'closing meeting' with you. Here, the auditor informs you about what is going well and any shortcomings. These may be some Non-Critical or Critical deviations. In addition, the auditor will also point out opportunities for improvement. The auditor will carefully explain each finding to you.
Depending on the audit result, the auditor will inform you whether he will give a positive or negative opinion for the initial certification audit. The entire audit file will be assessed by the Certification Manager, who, if everything is in order, will take the certification decision. Our back office will then immediately draw up your certificate and send it to you. From then on, you may communicate to everyone that you are certified and have successfully passed the initial audit.
