The ETHIC Intelligence process of granting, denying, suspending, withdrawing an ISO 37001 certificate abides by the rules of ISO 17021 applicable to certification bodies.
Granting, denying and renewing certification
The Certificate is awarded by the Technical Committee upon review of the recommendation formulated by the audit team.
In case of non-conformities, the Certificate is awarded only if:
- major non-conformities are lifted
- a remediation plan for minor non-conformities is accepted by the Technical Committee
After three years a certificate can be renewed. It requires a new certification cycle: initial audit and two surveillance audits.
Suspending, withdrawing or reducing the scope of certification
A Certificate will be suspended if:
- the Certificate is used in an inappropriate manner (ex: for a different scope)
- the surveillance audit identifies major non-conformities or minor non-conformities that have not been remediated at the time of the surveillance audit
A certificate will be withdrawn if:
- it is discovered that important facts have been hidden purposely to the audit team (ex : business units that were not disclosed)
- if the facts that have prompted the Technical Committee to suspend the certificate have not been remediated within three months
The scope of certification will be reduced:
- if part of the organisation fails seriously to meet standard requirements
- if the organisation requires the scope to be reduced
The certificate, or the scope of certificate, will be restored by decision of the Technical Committee, and if need be after an in-situ audit, when the organisation has taken actions to remediate to the causes that have led the certificate to be suspended, withdrawn or reduced.
Complaints and Appeal
Complaints regarding the audit process must be forwarded to the Head of Certification who will handle them.
Appeals regarding certification decisions must be forwarded to the Head of Certification and they will be handled by the Appeal Committee.