Our Commitment to Impartiality

CyberGuard Advantage (CGA) is committed to fostering an environment of impartiality in all aspects of our certification activities. We ensure that neutrality is maintained at the individual auditor level, guaranteeing objective and fair assessments for our clients.

Our management team plays a critical role in monitoring and reviewing our impartiality controls. They are empowered to make strategic decisions aimed at preventing any conflicts or biases that may arise from self-interest, self-review, familiarity, or intimidation. Our unwavering focus on impartiality is essential to our mission of providing credible certification services. Certification decisions are made independently and are not influenced by commercial, financial, or other external considerations.

Review and analysis of impartiality are conducted on an ongoing basis, and no less than annually, with regard to all prospects, clients, and personnel, to ensure that conflicts of interest and threats to impartiality are identified, reviewed, analyzed, resolved, and monitored.

CGA operates under and complies with the independence requirements established by ISO/IEC 17021-1:2015, ISO/IEC 27006 (for information security management system certification), and ISO/IEC 42006 (for artificial intelligence management system certification), and has developed its Impartiality Policy and supporting procedures to ensure ongoing compliance.

CGA does not provide management system consultancy, implementation services, or internal audits for organizations where such activities would create an actual or perceived conflict of interest with certification activities.

Audit Process

CyberGuard Advantage provides ISO certification services globally. Audits may be conducted remotely, on site, or through a combination of both methods, subject to applicable accreditation requirements, regulatory requirements, and client specific circumstances.

For organizations that have not previously been certified against ISO/IEC 27001 or ISO/IEC 42001, the initial certification audit comprises two stages that assess management system design and operating effectiveness prior to a certification decision.

Stage 1: Design Check. Evaluates the design and establishment of the management system, including scope, risk analysis, and readiness to proceed to Stage 2.

Stage 2: Operating Effectiveness and Conformity Audit. In-depth testing determines whether the management system has been implemented effectively and whether adequate safeguards exist for ongoing monitoring and improvement. CGA identifies any nonconformities and requires correction before issuing a certification decision.

Surveillance Audit. Certification is valid for three years. Annual surveillance audits are conducted during the second and third years following initial certification or recertification to confirm continued conformance between certification cycles.

Recertification. A recertification audit is performed before the three-year certification term expires. Its scope builds on audit evidence from the previous cycle and includes more in-depth testing than a surveillance audit.

Certificate Decisions

Information on CGA’s processes for granting, refusing, maintaining, suspending, restoring, or withdrawing certification, or expanding or reducing the scope of certification, is defined below.

Granting of certification. Upon completion of the initial certification, recertification, or certification transfer audit, CGA’s certification decision maker performs a comprehensive review of the audit file, any corrective action plans, and supporting evidence. The review verifies that the organization’s management system conforms to the applicable ISO standard and that nonconformities have been properly addressed. Upon successful completion of this review, CGA grants certification.

Refusing of certification. If a review identifies nonconformities or other gaps that remainunresolved, CGA does not issue certification until the organization provides sufficient evidence of correction. If conformance gaps remain open past the correction window allowed under the applicable standard, a new initial certification audit will be required.

Maintaining certification. Certified organizations remain in good standing by completing annual surveillance audits in the second and third years of the cycle and a recertification audit before the three-year term ends. Missing a required audit, or leaving a nonconformity unresolved, can lead to suspension or withdrawal at CGA's discretion.

Suspension of certification. CGA places a certificate on suspension when an organization does not restore conformance within the allowed timeframe, does not meet the obligations in its Certification Agreement, or misses a scheduled audit. A suspended certificate confers no certification status during the suspension period.

Restoring certification. CGA restores a certification placed under suspension once all outstanding issues have been closed and verified through off-site or on-site review.

Withdrawal of certification. CGA withdraws certification as a result of, but not limited to, non-performance of required audits, misrepresentation, non-closure of open corrective action, an unsuccessful appeal of an open corrective action, or at the organization’s request.

Expansion of certification scope. At the organization’s request, submitted through an application process, CGA reviews documentation supporting the additional scope and performs an audit to determine conformance of the additional scope with the applicable ISO standard. This may require an addendum to the Certificate Agreement and/or additional fees.

Reduction of certification scope. CGA may require a reduction in scope where it determines the certified scope is no longer valid, and will approve an organization’s request for scope reduction where audit evidence supports that the scope no longer applies to its business. CGA will refuse a scope reduction request made in order to avoid nonconformities.

 

Types of Management Systems and Certification Schemes

CGA maintains qualified, competent assessors who audit management systems against the following standards:

ISO/IEC 27001 — Information Security Management System (ISMS)
ISO/IEC 42001 — Artificial Intelligence Management System (AIMS)

 

Readiness Assesment

Optional readiness assessments are delivered against the requirements of ISO/IEC 27001 or ISO/IEC 42001.
 
Readiness assessments are optional pre-certification reviews intended to help organizations understand their level of preparedness for a certification audit. Readiness assessments do not constitute certification audits, do not result in certification decisions, and do not include management system consultancy, implementation support, or recommendations regarding specific solutions.
 
Organizations receiving readiness assessment services from CGA are subject to CGA's impartiality and conflict of interest controls and may be restricted from certification services where required by applicable accreditation rules or impartiality assessments.
 

 

Certification Audit

CGA's certification audit is a comprehensive assessment that determines an organization's conformity with the applicable ISO standard(s) within the agreed scope of certification.



 

 

CGA's Name and Logo

CGA's certified clients do not currently use a certification mark in connection with their certification. Should CGA introduce a certification mark in the future, rules governing its use will be documented in the Certification Agreement and communicated to clients upon successful certification, and CGA will monitor its use to ensure compliance with the Agreement, ISO/IEC 17021-1:2015, and the applicable accreditation standards.

Use of the logo and short name of the International Organization for Standardization (ISO®) is not permitted by any certified organization as a result of its relationship with CGA.

Complaints and Appeals

Filing a Complaint

A complaint is a formal record of dissatisfaction raised by any party affected by a certified management system or by CGA's certification activities. Complaints may be submitted directly to the client’s audit team or by emailing iso@cyberguardadvantage.com

Upon receipt, CGA's management team — independent of the audit team associated with the client — reviews the complaint, determines the appropriate case handling, and excludes any individual on the relevant audit team from the resolution process. The complaint will be investigated and resolved in accordance with our documented policies.

Requesting an Appeal

An organization may request reconsideration of a CGA decision. Appeals may be submitted directly to the client’s audit team or by emailing iso@cyberguardadvantage.com

A point of contact, who is separate from the audit team, is assigned to research the appeal. CGA’s leadership will review the results of the research and communicate the decision to the client in accordance with our documented policies.

Information Request

Inquiries may be submitted directly to CGA, including questions about the geographic areas in which CGA operates, the status of a certificate, or other information about a CGA-certified organization, by emailing iso@cyberguardadvantage.com.