Impartiality

At the core of AssurancePoint’s impartiality policy is AssurancePoint’s management’s commitment to maintaining independence, in fact, perception and removing threats to impartiality. AssurancePoint defines threats as a relationship that threatens the impartiality of our conclusions based on ownership, governance, management, personnel, shared resources, finances, contracts, marketing, and payments of certain sales commission and/or other inducements for the referral of new clients.

Impartiality

Review and analysis of impartiality are conducted on an ongoing basis as well as annually with regards to all prospects, clients, and personnel to ensure conflicts of interest and threats to impartiality are identified, analyzed, resolved, and monitored. In addition, AssurancePoint’s review process ensures that we do not perform audit services for clients where non-audit services have been performed and that ISO management consulting services are not performed by AssurancePoint.

AssurancePoint’s leadership ensures adherence to the impartiality policy through periodic management reviews, internal audits, and formal risk assessments of our audit processes.

AssurancePoint operates under and complies with the independence requirements established by the American Institute of Certified Public Accountants and ISO/IEC 17021-1:2015 and has developed this impartiality policy and supporting procedures to ensure ongoing compliance.

Certificate Decisions

Information on the certification body’s processes for granting, refusing, maintaining, renewing, suspending, restoring, or withdrawing certification or expanding or reducing the scope of certification is defined below.

Granting of certification:

Upon completion of the initial certification, recertification, or certification transfer audit process, AssurancePoint’s certification decision maker will perform a comprehensive review of the audit file and any corrective action plans and supporting evidence. The review will verify that the Company’s management system is in conformity with the applicable ISO standard and non-conformities have been properly addressed. Upon successful completion of this review, AssurancePoint grants the certification.

Refusing of certification process:

Should AssurancePoint’s certification decision maker’s comprehensive review of the submitted audit package result in the identification of open issues or non-conformities, AssurancePoint’s certification decision maker shall withhold the granting of certification until such time that the Company can demonstrate all criteria for certification has been achieved. If the Company exceeds the allowable remediation period outlined in the applicable standard a new initial certification audit will be required.

Maintaining certification process:

AssurancePoint requires that over the lifecycle of the certification, annual surveillance audits must be completed in years two and three, with a recertification audit to be completed prior to the expiration of the certification. AssurancePoint’s certification decision maker may suspend or withdraw the Company’s certification if the required audits are not performed, or open nonconformities have not been properly addressed.

Suspension of certification process:

AssurancePoint will initiate its suspension process if the Company does not re­establish conformance of its management system standard requirements within the allowable timeline, fails to abide by the contract terms and agreements or fails to perform the required audits.

Restoring of certification process:

AssurancePoint will restore a certification that has been placed on suspension once all outstanding issues have been closed and verified as such through off-site or on-site review.

Withdrawal of certification process:

AssurancePoint will withdraw a certification as a direct result of, but not limited to, non-performance of audits, miss-representation, non-closure of open corrective action, failure of the appeals process to close an open corrective action, or at the request of the Company.

Expansion of certification process:

At the request of the Company through an application process, AssurancePoint will request and review documentation supporting the additional scope. Upon completion of the review, an on-site audit will be performed to determine conformance of the Company’s additional scope with the applicable ISO standard. This may require an addendum to the contract and/or additional fees.

Reduction of certification process:

AssurancePoint may require that the Company’s scope of certification be reduced if it is determined that the scope is no longer valid. AssurancePoint’s certification decision maker will approve a request from the Company for scope reduction if audit procedures support that the scope is no longer applicable to the Company’s business. AssurancePoint’s certification decision maker will refuse scope reduction if the reduction is to avoid nonconformities.

AssurancePoint’s Name and Logo

AssurancePoint has developed a trademarked logo that demonstrates our certified clients’ conformance with relevant ISO standards. The rules associated with the use of our name and logo regarding ISO certifications are documented in the terms and conditions of our contract and again upon successful certification for our clients.

• • The Mark is a service mark of AssurancePoint. The Mark shall only be used during periods of
    active certification. The Mark may not be used in connection with any product or service that was
    not within the scope of the certification review, or in any manner that is likely to cause confusion
    among customers, or in any manner that disparages or discredits AssurancePoint.
• • The Registrant shall adhere to the reasonable and mutually agreed requirements of
    AssurancePoint when making any reference to its certification status in communication media,
    including but not limited to product packaging/labeling, the Internet, brochures, advertising, or
    other documents. Product packaging is considered as that which can be removed without the
    product disintegrating or being damaged. Accompanying information is considered as separately
    available or easily detachable. Type labels or identification plates are considered as part of the
    product. The statement shall in no way imply that the product, process, or service is certified by
    this means. Such references must clearly identify the certified client (e.g. brand or name), specify
    the type of management system, the applicable standard (e.g., ISO 27001), and the certification
    body (AssurancePoint) that issued the certificate.
• • The Registrant shall not make or permit any misleading statements regarding its certification.
    Furthermore, the Registrant shall not use or permit the use of a certification document, or any
    part thereof, in a misleading manner.
• • The Registrant shall, upon suspension or withdrawal of its certification, discontinue its use of all
    advertising matter that contains a reference to ISO 27001 certification and/or includes a Mark.
•  
  • The Registrant shall amend all relevant advertising material when the scope of certification has
    been modified.
• • The Registrant shall not allow reference to its information security management system
    certification to be used in such a way as to imply that AssurancePoint certifies a product, service,
    or process.
• • The Registrant shall not imply that the certification applies to activities that are outside the scope
    of registration.
• • The Registrant shall not use its certification in such a manner that would bring AssurancePoint
    and/or the certification system into disrepute or cause loss of public trust.
• • The Registrant shall use the Mark only in reference to the information security management
    system certified by AssurancePoint.
• • The Registrant shall not use the certification in such a manner to be applied to laboratory tests,
    calibration, or inspection reports.

Appeals and Complaints

Appeals

Appeals filed against AssurancePoint are received, handled, and resolved in accordance with ISO/IEC 17021-1:2015. AssurancePoint’s audit team strives to clearly communicate the justification for their decisions related to the certification and inspection services. When a situation arises where the client does not agree with the audit team, they may appeal the decision to AssurancePoint’s leadership. A point of contact, who is separate from the audit team, is assigned to research the appeal. AssurancePoint’s leadership will review the results of the research and communicate the decision to the client. Appeals may be generated directly by the client’s audit team or by completing this form.

Complaints

Complaints filed against AssurancePoint, or our certified clients, are received, handled, and resolved in accordance with ISO/IEC 17021-1:2015. AssurancePoint has developed a process managed by a group independent of our audit team to document and track the complaint. The complaint will be investigated and resolved in accordance with our documented policies. The complaint initiator will be kept informed throughout the process and of the complaint resolution. Complaints may be filed by or by completing this form.

Information Requests

Inquiries may be submitted directly to AssurancePoint, including areas where we operate, certificate status and information for our certified clients by or by completing the this form.