Policies, Processes, and Responsibilities
BARR Certifications is a certification body (CB) accredited by the ANSI National Accreditation Board (ANAB). Here is more information on our policies, processes, our responsibility to remain independent partners, and more.
What to Expect
BARR Certifications conforms to the ISO 17021, ISO 27006, and ISO 27006-2 standards to offer ISO 27001 and ISO 27701 audit and certification services. This structured process includes a variety of stages. First, we will discuss your client rights and obligations when applying for certification. Before we get started, we’ll work together to develop a comprehensive agreement between BARR Certifications and your company that includes details about the overall scope, timeframe, and deliverables. Detailed certification activities are found here.
BARR Certifications is responsible for and will retain authority for its decisions relating to certification, including the granting, refusing, maintaining, renewing, suspending, restoring or withdrawing of certification. The client has a perpetual responsibility to maintain compliance with ISO/IEC 27001 and/or ISO/IEC 27701 requirements during the period of certification. The terms and conditions section of our client agreement or engagement letter, along with additional documentation you will receive upon completion of the certification process, will describe these processes in further detail. Following confirmation that necessary corrective actions are addressed, the findings and recommendations made in the audit report are subject to an internal review and certification decision process. Once the client has met the requirements for BARR Certifications to grant certification to the standard, the client will be issued a certificate and/or scope of certification.
Based on the results of surveillance audits or other circumstances, BARR Certifications holds the right to suspend, withdraw, or reduce the scope of the certification. Refusal of certification could be due to the client’s non-compliance in a number of factors, including our terms and agreements. Such decisions and the grounds for them will be communicated to the organization in writing. When a client’s certification is suspended or refused, the client shall cease (or withdraw) use of the certification mark or any promotional material that promotes or advertises the fact that the client is certified.
Our Role and Policy as an Independent Partner
Fulfilling BARR’s promise of professionalism to each other, our clients, and the markets we serve is our single most important responsibility. A transaction that is good for business but could compromise the professionalism and integrity of the firm is not tolerated. Professionalism is the sustaining force that will help ensure long-term success. One of the most important aspects of our promise of professionalism is the requirement to be independent in fact and appearance.
Maintaining independence is fundamental. Behavior that meets the highest ethical standards, and that fully complies with legal and regulatory requirements, is what allows us to provide objective and independent opinions and certification. Client evaluation and engagement continuance review procedures are performed to help identify threats that could impair independence. If effective safeguards cannot be applied, the firm will withdraw from the engagement or take other corrective actions as appropriate to eliminate the breach. Unacceptable threats to impartiality include the following.
- BARR Certifications shall not certify another certification body for its quality management system.
- BARR Certifications or any of its personnel shall not perform internal audits for its certified clients. A recognized mitigation of this threat is that BARR Certifications shall not certify a management system on which it (or any shared resources) provided internal audits for a minimum of two years following the completion of the internal audits.
- BARR Certifications personnel used for certification activities of a client shall not have previously performed management system consultancy for such clients. This means we cannot provide any professional consulting services to assist in the design, selection, or implementation of controls to meet the ISO 27001 or ISO 27701 requirements.
- BARR Certifications shall not outsource audits to a management system consultancy organization. This does not apply to individuals contracted as auditors.
BARR Certifications maintains a Client Directory detailing the current certification status of all ISO clients, allowing external third parties to verify a status when needed based on a company’s name or certification number.