
Frequently Asked Questions

ISO certification is a seal of approval from a third-party body confirming that a company operates in line with one of the international standards developed and published by the International Organization for Standardization (ISO).

ISO is an independent, non-governmental international organization that brings together experts to share knowledge and develop international standards that support innovation and provide solutions to global challenges.

The cost of ISO standard implementation and certification is a fixed fee from the beginning of your business relationship with IMSM and it will not change throughout the ISO process. The cost is not as much as you might think and is based on the following variables:

  • The standard/s you require
  • The number of company sites
  • The number of employees
  • The amount of support deemed necessary to ensure that your business is prepared and ready for certification.

ISO certification lasts three years and is subject to mandatory audits to ensure that you are compliant. After the three years, to continue with your certification, you will be required to complete a recertification audit.

Certification Europe certifies the following ISO standards:

  • ISO 9001 Quality
  • ISO 14001 Environmental
  • ISO 45001 (Previously OHSAS 18001) Health and Safety
  • ISO 27001 Information Management
  • ISO 50001 Energy
  • ISO 22301 Business Continuity
  • ISO 20000-1 IT
  • ISO 27701
  • ISO 27017
  • ISO 27018

A company would choose to become certified to a specific standard for a multitude of reasons. The main reasons would be:

  • Demonstrate best practice
  • To streamline their process and procedure
  • Reassurance to clients and stakeholders that the company complies with an international framework
  • Reputation
  • Cost Savings
  • Competitive advantage

A certification audit is split into two stages with an 8 – 12 week gap in between.

  • Stage One, which is a minimum of 1 – 2 days
  • Stage Two, which is a minimum of 2 – 3 days

However, the audit time depends on which standard is being audited and the scope of certification.

No. As an accredited certification body, we must remain independent from the ISO system, as it would be a conflict of interest. Many ISO consultants in Ireland and the UK can assist in building an ISO system for your company.

Yes. All of our training courses are designed to develop your understanding and your ability to run an effective management system. Whether you’re considering implementation or are already involved with the day-to-day running of your management system, you’ll have something new to learn.

We offer a variety of training styles to suit individual learning requirements either in the classroom, online or at your premises.

You can make a booking online, or by emailing prussell@certificationeurope.com. If you wish to make an online booking, please click ‘buy now’ on the page of the course you wish to attend. This will bring you to a page where you can select the date on which you wish to complete the training and make the payment. Alternatively, payment can be made by invoice or by bank transfer. All training must be paid in advance.

Certification Europe’s bespoke training course was specifically designed by our panel of expert trainers to match the requirements of the clients in relation to their specified ISO standard. Our bespoke training programmes cover all aspects of ISO implementation and auditing. Certification Europe has run ISO training courses throughout Ireland, the UK and across the globe for government bodies, industry groups and multinational organisations.

Training can be paid for online, by invoice or by bank transfer. All training must be paid in advance.

Cyber Essentials is suitable for any organisation that requires a base-level security certification to demonstrate it has vital controls in place.

Cyber Essentials is also mandatory for businesses seeking UK government-specific contracts; without the certification, your organisation won’t be able to bid for such contracts.

Cyber Essentials covers the following:

Boundary Firewalls and Internet Gateways:

Your first line of defense against an intrusion from the internet will be boundary firewalls and internet gateways. A well-configured firewall can prevent breaches before they penetrate deep into your network. At the same time, an internet gateway can deny users within your organisation access to websites or other online services that present a threat.

Secure Configuration:

Some setup and configuration will be required to ensure your hardware and software provide the most effective protection. Removing unused software and services from your devices will reduce the number of potential vulnerabilities, as older versions of some widespread software have well-documented security vulnerabilities. It is also important to ensure that you remove any default passwords used by software and hardware, as these are well known to hackers.

Access Control:

Access to your system should be restricted to trusted users, so each of these users must have and use their own username and password, appropriate to the job they are undertaking at the time. Administrator accounts should only be used when strictly necessary, such as when installing known and trusted software.

A brute force password attack is a common method of attack, perhaps even by casual users trying to access your Wi-Fi. Therefore, you need to enforce strong passwords and frequent password changes and limit the number of failed login attempts. Passwords or other access should be cancelled immediately if a staff member leaves the company or is absent for long periods.

Malware Protection:

Malware is malicious software specifically designed to disrupt or damage a computer system. You should have anti-virus or anti-malware products regularly scanning your network to prevent or detect threats. You will also need to keep them up-to-date and switched on to continually monitor your computer system.

You should also make sure you receive and act upon any alerts issued by the malware protection.

Patch Management and Software Updates:

Computer equipment and software need to be maintained regularly to fix any security vulnerabilities and keep them running smoothly. Security software such as anti-virus and anti-malware needs regular updates to provide adequate protection. Checking regularly for updates and subsequently applying them will keep your software up-to-date, and most software can also be set to update automatically.

If your system is a few years old, you should review the protection you have to ensure it is still adequate. In between updates, you should use patches to maintain your computer system. A patch is software designed to update a computer program or its supporting data to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bug fixes, and improving usability or performance.

Activ is a cloud-based ISO software solution that puts you in control of your ISO management system.

We’re accredited by the INAB and meet rigorous international certification standards, delivering ISO expertise to audit and certify ISO standards.

Accreditation is the process by which a certification body is recognised to offer certification services. To become accredited, Certification Europe is required to implement a Quality Management System which is assessed by an Independent Authorised Board to determine that it meets International Standards. We’re audited annually to ensure our services meet the exact requirements of the relevant accreditation standards.

There are two types of Cyber Essentials certification: Basic Certification and Plus Certification.

Cyber Essentials Basic Certification cost is dependent on the number of employees:

  • Up to 49 employees €759.00 + VAT
  • 50 – 249 employees €859 + VAT
  • 250+ employees €959 + VAT

Cyber Essentials Plus Certification is by quotation. We will assess the number of days of testing and how long the assessment will take, then provide a quotation.
