Coalfire ISO is an ISO/IEC 27001 Certification Body accredited by the ANSI-ASQ National Accreditation Board (ANAB). The following statements and policies are a component of our commitment to impartiality and independence.
Audit and Certification process
Coalfire ISO provides ISO 27001 audit and certiﬁcation services to our clients, utilizing the framework required in the ISO 17021-1:2015 and ISO 27006 Standards. The process is highly structured and follows a number of stages as described in the section on the Certiﬁcation Process on this website. As part of that process, clients are informed of their rights and obligations when applying for certiﬁcation of a management system and following the Coalfire ISO certiﬁcation of the management system.
The scope, timing and deliverables of our services, as well as the rights and obligations of both parties are documented in the fully executed agreement between Coalfire ISO and you our client, prior to the commencement of any audit or certiﬁcation services.
An essential component of Coalfire ISO’s certiﬁcation service is the requirement for Coalfire ISO to remain completely impartial in our client assessment and certification process. Our company, as well as our personnel, will remain independent at all times from our clients. Certiﬁcation determinations are based completely on objective criteria and the information presented by the client, and are not improperly influenced by bias or prejudice.
Coalfire ISO operates in accordance with ISO 17021-1:2015 and has instituted an independent Impartiality Committee whose specific role is to ensure that the impartiality of our certiﬁcation services is safeguarded on a continuous basis.
Processes for Granting, Refusing, Maintaining, Renewing, Suspending Certification
The processes for granting, refusing, maintaining, renewing, suspending, restoring or withdrawing certification or expanding or reducing the scope of certification to the ISO 27001 standard are documented and contained within the terms and conditions of the client agreement with Coalfire ISO, as well as additional documentation provided on completion of the certification process.
Each audit results in reports, supporting evidence, documentation and auditor recommendations being provided to the Coalfire ISO Certification Committee, which is the body responsible for making final Certification decisions, as well as all other possible outcomes (i.e. granting, refusing, maintaining, renewing, etc.)
A certification audit will not be finalized until decisions are made by the Certification Committee. Once the decision has been formalized, the proper and corresponding action with respect to the outcome of the audit will be taken by the audit team in communication to the client.
The current certiﬁcation status of all Coalfire ISO clients may be referenced by utilizing our Client Directory. This directory allows any external entity to verify current certification status based on the client company name or certification number.
At all times Coalfire ISO reserves the right to suspend client certification if they fail to maintain compliance with the conditions of certiﬁcation. A client's certiﬁcation is invalid while in a suspended status. Any such suspensions are clearly reflected in the certificate status field of the clients entry in the Client Directory.
Appeals Handling Process
The client may, through the appeals process outlined on the Coalfire ISO Appeals webpage, request reconsideration of a decision made by Coalfire ISO for reasons concerning incompetent or prejudice assessment results, including disagreements pertaining to audit findings, severity classifications, assessment approach, and enforced deadlines.
Notification of the intention to appeal could be supported by relevant facts or data for consideration during the appeals evaluation. Possible methods to receive an appeal could include, but not limited to, the following: Coalfire ISO website form submission, email communication, verbal notification, commentary provided within customer satisfaction survey. The management team should seek out the following information, where appropriate, in order to assess the nature of the appeal:
- The name of the appellant
- Contact details for the appellant
- The application, audit, certification decision that is the subject of the appeal
- Description of the appeal
Those individuals involved in the evaluation of an appeals case should not comprise of the affected audit cycle assessment team composition. The results of the appeals process will not affect any relationships between the client organization and the certification body, especially actions that would be considered preferential or biased in nature.
Once the decision regarding an appeal has been made, no counterclaim by either party in dispute can be executed to amend or change this decision unless additional, relevant supporting documentation is provided for review. Where similar appeals are received, Coalfire ISO management team will consider the results of historical cases that have determined precedents when handling particular matters. In instances where the appeal has been successful and the certificate is issued or reinstated, no claim can be made against Coalfire ISO for reimbursement of costs or any other losses incurred as a result of the withholding, suspension, or withdrawal notification.
Complaints Handling Process
A complaint is a formal record of a dissatisfaction by any user affected by a certified management system as verified by the certification body. Complaints can be received in various forms, including, but not limited to, formal submissions via the Coalfire ISO Complaints webpage, written form by mail, email communication, and verbal notification.
If Coalfire ISO is in receipt of a complaint for a certification client regardless of its current status of conformity for any management system(s) under review by the certification body, the Coalfire ISO management team will digest all inbound information during the development of the initial case set up. The Coalfire ISO management team will serve as the authority on all inbound complaints and follow up handling processes. Additionally, the Coalfire ISO management team will remove any individuals that are considered part of the audit team composition supporting the Client Organization from providing input into the activities workflow.
In some cases, the Coalfire ISO management team may determine that a complaint is actually an inquiry to certificate status for a certified management system maintained by the certification body, where public look up was not accessible or functioning appropriately via the Coalfire ISO Certificate Directory. If the submission conforms to this definition for an inquiry, the complaints-handling process is terminated upon response provided to the requesting party.
Where a certified client is the subject of a complaint, a representative of the Coalfire ISO management team will promptly communicate these actions to the certified client within an appropriate timeframe while maintaining the integrity of any ongoing investigations.
Where inbound information received for a complaint is insufficient for the certification body to evaluate via further inspection, a representative from the Coalfire ISO management team will follow up with the complainant to retrieve additional information or clarification, where appropriate.
In extenuating circumstances where the results of a complaint leads to the modification of a conformity decision for a management system, the a member of the Coalfire ISO management team may determine the need to publicize these actions. In these cases, the certification body will seek input from both the certified client and affected complainant, as appropriate, prior to disseminating information on the basis of confidentiality and local laws governing public disclosure of events.
The complaints process will be started within one (1) business day by Coalfire ISO.
Once the decision regarding a complaint has been made, no counterclaim by either party in dispute can be executed to amend or change this decision unless additional, relevant supporting documentation is provided for review. Where similar complaints are received, Coalfire ISO management team will consider the results of historical cases that have determined precedents when handling particular matters.
Coalfire ISO Name and Logo
As an accredited certification body, Coalfire ISO has developed a trademarked logo that attests to the verified conformance of our client’s ISMS with the requirements of the ISO 27001 standard.
The rules associated with the use of our name and logo with respect to ISO 27001 certifications are documented in the terms and conditions of our contract and again in further documentation provided upon successful certification for our clients.
Coalfire ISO monitors the use of its name and logo, to ensure compliance with our contractual agreement as well as the ISO 17021-1:2015 and ISO 27006 standards which govern Coalfire ISO operations as a Certification Body.
Complaints against Coalfire ISO or its clients are not made public unless required by a court of law.