Impartiality and Inquiries

Introduction

Executive Management at Insight Assurance is committed to maintaining independence, integrity, and impartiality in all aspects of our operations. Our organization-wide commitment to impartiality ensures that our audit and inspection services remain fair, unbiased, and free from conflicts of interest. We define threats to impartiality as any factors that may compromise our ability to deliver objective audit results, including ownership, governance, personnel relationships, and financial interests. Divisions of Insight Assurance that provide certification audits and inspection services have implemented controls to ensure conformance with the requirements outlined in ISO 17021:2015, ISO/IEC 27006:2015, and ISO 17020:2012, as well as the requirements for Bodies Providing STAR Certifications.

To uphold our impartiality policy, we conduct regular reviews and analyses of potential conflicts of interest and threats to impartiality. These reviews occur continuously and annually, involving all stakeholders, including prospects, clients, and personnel. Our goal is to identify, review, analyze, resolve, and monitor any conflicts of interest or threats to impartiality effectively.

Certificate Decisions

Insight Assurance follows a transparent and structured process for making decisions regarding certification. Our approach includes:

Granting of certification:

Upon completion of the initial certification, recertification, or transfer process, our ISO Certification and Accreditation Board or a duly authorized representative conducts a comprehensive review of the audit archive including any nonconformities and related remediations and evidence to ensure compliance with applicable standards. The decision to certify is granted only when all criteria are met.

Refusing certification:

If open issues or nonconformities are identified during the review process, certification may be withheld until all criteria for certification are achieved. If the organization seeking certification exceeds the maximum allowable remediation timeframe, a new audit will be required.

Maintaining certification:

We require regular surveillance audits and a recertification audit to maintain certification. The first surveillance audit must occur within twelve (12) months from the initial certification decision, and subsequent surveillance and recertification audits must occur within twelve (12) months from the end of the most recent surveillance or recertification, as may be applicable. Failure to comply with audit requirements may result in suspension or withdrawal of certification.

Suspension of certification:

Insight Assurance initiates suspension if a company fails to conform with management system requirements within the specified timeline or fails to comply with surveillance or audit requirements. The certification is invalid while the suspension is in place, and the client will need to take action to update public-facing references to reflect the suspension.

Restoring certification:

Certification may be restored once all outstanding issues are resolved and verified.

Withdrawal of certification:

Certification may be withdrawn due to non-performance of audits, misrepresentation, failure to close outstanding corrective actions, or at the request of the client.

Expansion and reduction of certification:

Expansion of certification scope is possible through a formal request and an application process, subject to review of supporting documentation by the ISO Certification and Accreditation Board or a duly authorized representative. An audit will be performed to determine conformance of the client’s expanded scope with the applicable standard(s).

Reduction of the certification scope may be necessary if it is determined that the original scope of certification is no longer accurate. The ISO Certification and Accreditation Board or a duly authorized representative will receive an updated application from the client and approve the scope reduction if it is supported by audit results. The ISO Certification and Accreditation Board will reject scope reductions aimed at avoiding nonconformities.

About Insight Assurance’s Name and Logo

As an accredited certification body, Insight Assurance has developed trademarked logos that signify our clients’ conformance with relevant ISO standards. The use of our name and logo is governed by our terms and conditions and contractual agreements with clients. We monitor the use of our name and logo to ensure compliance with ISO standards and contractual obligations. Please refer to the next section.

ISO/IEC 27001 Reference to Certification and Use of Marks

This document provides basic information to organizations that have obtained ISO 27001 certification of their Information Security Management System (“Registrants”) regarding the authorized marketing of the certification and the use of the Insight Assurance ISO 27001 certification mark (the “Mark”). These requirements were previously agreed upon as a condition of Insight Assurance’s acceptance of the engagement. Please contact your Insight Assurance representative if you have any questions or concerns.

The Registrant shall conform to the reasonable and mutually agreed requirements of Insight Assurance when making reference to its certification status in communication media such as the Internet, brochures, advertising, or other documents. The reference must include identification of the certified client; the type of management system and the applicable standard; and the certification body (Insight Assurance) issuing the certificate.

The Registrant shall not make or permit any misleading statements regarding its certification. Furthermore, the Registrant shall not use or permit the use of a certification document, or any part thereof, in a misleading manner.

The Registrant shall, upon suspension or withdrawal of its certification, discontinue its use of all advertising matter that contains a reference to ISO 27001 certification and/or includes a Mark.

The Registrant shall amend all relevant advertising material when the scope of certification has been modified.

The Registrant shall not allow reference to its Information Security Management System certification to be used in such a way as to imply that Insight Assurance certifies a product, service, or process.

The Registrant shall not imply that the certification applies to activities that are outside the scope of registration.

The Registrant shall not use its certification in such a manner that would bring Insight Assurance and/or the certification system into disrepute or cause loss of public trust.

The Registrant shall use the Mark only in reference to the Information Security Management System certified by Insight Assurance.

The Registrant acknowledges that Insight Assurance has the right to suspend or withdraw certification if it finds that the Registrant has purposefully made incorrect references to the certification status or misleading use of certification documents, marks, or audit reports.

The Mark is a service mark of Insight Assurance. The Mark shall only be used during periods of active certification. The Mark may not be used in connection with any product or service that was not within the scope of the certification review, or in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Insight Assurance. Also, the Registrant shall not modify the form or color of any Mark provided by Insight Assurance.

Appeals or Complaints

Appeals:

Appeals against Insight Assurance’s decisions are handled in accordance with established ISO standards. Clients may appeal decisions by contacting our leadership team at ISO_Notices@insightassurance.com, who will review the appeal and communicate the decision.

Complaints:

Complaints against Insight Assurance or our certified clients are managed through a documented process, ensuring transparency and fairness. Complaints are investigated and resolved promptly, with updates provided to the complainant throughout the process. Complaints may be filed by emailing complaints@insightassurance.com and ISO_Notices@insightassurance.com.

Information Requests

For inquiries regarding Insight Assurance’s operations, certificate status, or information for our certified clients, please contact us at ISO_Notices@insightassurance.com. We are committed to providing timely and accurate information to all stakeholders.