A lot of companies are getting certified to show they comply with an ISO standard or work according to best practices. Of course, Datacenter.com obtained certain certifications to show that we work according to a couple of best practices. Because our staff are experienced with auditing and with working according to industry best practices, we did not experience a lot of difficulties during the audits. One of the main reasons is that we got certified because we want to show our procedures meet industry best practices; getting the paper wasn’t the main reason. To experience an efficient and effective audit, these are our 5 key takeaways.
1 Choose the standards you trust
Do not certify for standards that you do not embrace. Choose the standards you want to certify for because of their purpose. If you choose a certification you think is ridiculous, complying with the certification standards and requirements will be really difficult.
2 Design for your key processes, not the certification processes
Do not design fancy processes in accordance with standards and afterwards add your key services to that process. Design your ideal, most effective and efficient business process, and then twist that process to comply with certification standards/requirements.
3 Cross check on requirements
Even if you are sure you added all the requirements to your processes, perform a cross check. Make a reference scheme of all certification requirements and, for each requirement, refer to the process/document where you describe how it is implemented. For documentation it is easy to use compliance software (also available as open source).
4 Prepare the evidence
Besides the description of how the requirements are implemented, the auditor wants to see for certification that the requirements are not only designed to be part of the organizational processes, but really are implemented and used. E.g. signed documents, digital logging or physical implementation can show that requirements are really implemented. In advance of the audit, try to collect as much evidence as possible.
5 Don’t beat the auditor, join them
Since you trust the standards you want to certify for, you understand the need for your organization to comply. Team with the auditor to help improve your processes and explain your key processes. The auditor is not the enemy that is searching for mistakes. Teaming with the auditor helps you in mitigating risks and can improve your business processes.
By Jouke Albeda, Security & Compliance Manager Datacenter.com