Policies, Processes, and Responsibilities

BARR Certifications is a certification body (CB) accredited by the ANSI National Accreditation Board (ANAB). Here is more information on our policies, processes, our responsibility to remain independent partners, and more.

What to Expect

BARR Certifications conforms to the ISO 17021, ISO 27006, and ISO 27006-2 standards to offer ISO 27001 and ISO 27701 audit and certification services. This structured process includes a variety of stages. First, we will discuss your client rights and obligations when applying for certification. Before we get started, we’ll work together to develop a comprehensive agreement between BARR Certifications and your company that includes details about the overall scope, timeframe, and deliverables. Detailed certification activities are found here.

Certification Decision

BARR Certifications is responsible for and will retain authority for its decisions relating to certification, including the granting, refusing, maintaining, renewing, suspending, restoring or withdrawing of certification. The client has a perpetual responsibility to maintain compliance with ISO/IEC 27001 and/or ISO/IEC 27701 requirements during the period of certification. The terms and conditions section of our client agreement or engagement letter, along with additional documentation you will receive upon completion of the certification process, will describe these processes in further detail. Following confirmation that necessary corrective actions are addressed, the findings and recommendations made in the audit report are subject to an internal review and certification decision process. Once the client has met the requirements for BARR Certifications to grant certification to the standard, the client will be issued a certificate and/or scope of certification.

Based on the results of surveillance audits or other circumstances, BARR Certifications holds the right to suspend, withdraw, or reduce the scope of the certification. Refusal of certification could be due to the client’s non-compliance in a number of factors, including our terms and agreements. Such decisions and the grounds for them will be communicated to the organization in writing. When a client’s certification is suspended or refused, the client shall cease (or withdraw) use of the certification mark or any promotional material that promotes or advertises the fact that the client is certified.

Our Role and Policy as an Independent Partner

Fulfilling BARR’s promise of professionalism to each other, our clients, and the markets we serve is our single most important responsibility. A transaction that is good for business but could compromise professionalism and integrity of the firm is not tolerated. Professionalism is the sustaining force that will help ensure long-term success. One of the most important aspects of our promise of professionalism is the requirement to be independent in fact and appearance.

Maintaining independence is fundamental. Behavior that meets the highest ethical standards, and that fully complies with legal and regulatory requirements, is what allows us to provide objective and independent opinions and certification. Client evaluation and engagement continuance review procedures are performed to help identify threats that could impair independence. If effective safeguards cannot be applied, the firm will withdraw from the engagement or take other corrective actions as appropriate to eliminate the breach. Unacceptable threats to impartiality include the following.

  • BARR Certifications shall not certify another certification body for its quality management system.
  • BARR Certifications or any of its personnel shall not perform internal audits for its certified clients. A recognized mitigation of this threat is that BARR Certifications shall not certify a management system on which it (or any shared resources) provided internal audits for a minimum of two years following the completion of the internal audits.
  • BARR Certifications personnel used for certification activities of a client shall not have previously performed management system consultancy for such clients. This means we cannot provide any professional consulting services to assist in the design, selection, or implementation of controls to meet the ISO 27001 or ISO 27701 requirements.
  • BARR Certifications shall not outsource audits to a management system consultancy organization. This does not apply to individuals contracted as auditors.

Client Directory

BARR Certifications maintains a Client Directory detailing the current certification status of all ISO clients, allowing external third parties to verify a status when needed based on a company’s name or certification number.

Other Important Policies and Processes:

Appeals Handling Process

Clients can appeal a decision made by BARR Certifications for any reason, including incompetent or prejudiced assessment results, along with any disagreements in terms of certification audit findings, classifications, deadlines, and more. If appealing, be prepared to provide relevant facts or data for consideration.

The appeal process can begin by submitting the form on the BARR Certifications appeals webpage, sending an email or verbally communicating your desire to appeal to the BARR Certifications management team directly, and/or through commentary provided to us within our client satisfaction survey. Our management team will need the following information to assess the nature of the appeal:

  • Name of appellant
  • Appellant contact information
  • Application, audit, and certification decision subject to the appeal
  • Appeal description

Once a decision has been made regarding the appeal, no counterclaims can be made by either party to change the decision unless additional supporting documentation is provided. BARR Certifications will consider the results of historical cases when similar appeals are received. If an appeal is successful and a certification is issued or reinstated, claims cannot be made against BARR Certifications for reimbursement of costs associated with the withholding, suspension, or withdrawal notification.

Complaints Handling Process

Any affected user can submit a formal complaint via the BARR Certifications complaint webpage, in written form via mail or email, or through verbal communication with the management team. BARR Certifications will review all information during the development of an initial complaint case regardless of its current certification status. Our management team will serve as the authority on all incoming complaints and spearhead the overall process, removing any individuals within the audit team. BARR Certifications will initiate the complaints process within one day. In some cases, a complaint is an inquiry about a certification status that does not appear within BARR Certifications’ Client Directory, and will therefore require a response to the requesting party, terminating the complaints-handling process.

If a certified client is the subject of a complaint, a member of the BARR Certifications management team will serve as a representative, communicating actions within an appropriate timeframe and maintaining integrity across any other ongoing investigations. 

Should complaint information be determined insufficient, a management team representative will follow up to retrieve additional necessary information or clarification. 

If a complaint results in the modification of a decision, a member of the BARR Certifications management team may feel the need to publicize this information. In this extenuating circumstance, the certification body will ask for input from the client and complainant prior to publicizing, ensuring confidentiality and compliance with local laws governing public disclosure of events. 

Once a decision has been made regarding the complaint, no counterclaims can be made by either party to change the decision unless additional supporting documentation is provided. BARR Certifications will consider the results of historical cases when similar appeals are received.

Confidentiality

Except as required in ISO/IEC 17021, information about a particular certified client or individual shall not be disclosed to a third party without the written consent of the certified client or individual concerned.

  1. BARR Certifications is responsible for the management of all information obtained or created during the performance of certification activities, including committees and external bodies or individuals acting on its behalf.
  2. BARR Certifications shall inform the client, in advance, of the information it intends to place in the public domain. All other information, except for information that is made publicly accessible by the client, shall be considered confidential.
  3. Except as required in this part of ISO/IEC 17021, information about a particular certified client or individual shall not be disclosed to a third party without the written consent of the certified client or individual concerned.
  4. When BARR Certifications is required by law or authorized by contractual arrangements to release confidential information, the client or individual concerned shall, unless prohibited by law, be notified of the information provided.
  5. Information about the client from sources other than the client (e.g. complainant, regulators) shall be treated as confidential, consistent with the certification body’s policy.
  6. Personnel, including any committee members, contractors, personnel of external bodies or individuals acting on the certification body’s behalf, shall keep confidential all information obtained or created during the performance of the certification body’s activities except as required by law.

Suspension Policy

If a client fails to maintain compliance with certification conditions, BARR Certifications reserves the right to suspend certification. During a suspension period, certification is invalid, and these periods are reflected in the status field within our Client Directory.

BARR Certifications Name and Logo Usage Policy

BARR Certifications is an accredited certification body, and for that we have developed a trademarked certification mark. Rules for the use of the BARR Certifications name and logo are documented within the terms and conditions section of our client agreement, and within documentation given to clients upon successful certification. We closely monitor the use of our name and logo to ensure compliance with standards governing us as a certification body. Complaints against BARR Certifications or our clients are not made public unless required by law. Certified clients may use our certification mark subject to the following conditions:

  1. The certification mark may be used on correspondence, advertising and promotional material in conjunction with the certified client’s name, and shall not be used in connection with services, activities, or locations not covered by the scope of certification;
  2. The certification mark shall not be used on a product nor product packaging nor in any other way that may be interpreted as denoting product conformity;
  3. The certification mark shall not be altered, including both style and colors;
  4. Upon termination of certification, the certified client shall immediately discontinue use of the mark. Use of the marks is not to be reinitiated unless certification is fully reinstated.

Note: The ISO logo is a registered trademark and use of the ISO logo is not allowed by anyone outside of ISO. As owner, ISO has control of the ISO mark and name.