
ISO 27001 Compliance

Security and Trust on a Global Scale

Among the numerous challenges organizations face in today’s data-driven business environment, one of the most prevalent is the need for robust information security. Companies must ensure their information and supporting assets are protected in a way that is both efficient and cost-effective. Organizations that achieve ISO 27001 compliance can overcome these challenges and demonstrate to their clients and stakeholders that information security is a top priority. We offer ISO 27001 certification services for clients seeking to meet this internationally recognized security standard.

Boulay’s ISO 27001 Audit Process

As a certification body, we assess and certify an organization’s compliance with the ISO 27001 standard. Our ISO 27001 audit process consists of the following phases:

  1. Initial Audit (Stage 1 and 2)
  2. Annual Surveillance Audit in Years 2 and 3
  3. Recertification Audit

ISO 27001 Certifications

Boulay Certifications, LLC is a certification body accredited by the ANSI National Accreditation Board (ANAB) and conforms to the ISO 17021 and ISO 27006 standards in its process of providing ISO 27001 audit and certification services. This includes maintaining responsibility and authority for our decisions regarding granting, refusing, or maintaining certification; expanding or reducing the scope of certification; and renewing, suspending, restoring following suspension, or withdrawing certification.

Below please find additional information and links to some of our policies and procedures:

  1. Boulay Certifications, LLC shall not certify another certification body for its quality management system.
  2. Boulay Certifications, LLC, any part of the same legal entity, and any entity under the organizational control of Boulay Certifications, LLC shall not offer or provide management system consultancy.
  3. Boulay Certifications, LLC, any part of the same legal entity, and any entity under the organizational control of Boulay Certifications, LLC shall not offer or provide internal audit services to prospective or current clients unless a minimum period of two (2) years has passed since the completion of the most recent internal audit.
  4. Boulay Certifications, LLC shall not serve any client that has obtained management systems consultancy from Boulay PLLP or any of its subsidiaries unless a minimum period of two years has passed since the end of the most recent management systems consultancy.
  5. Boulay Certifications, LLC shall not outsource audits to a management system consultancy organization.
  6. Boulay Certifications, LLC shall not allow an organization that provides management system consultancy to market or offer linked services with Boulay Certifications, LLC.
  7. If Boulay Certifications, LLC becomes aware that a consultancy organization is stating or implying that certification would be simpler, easier, faster, or less expensive if Boulay Certifications, LLC is used, Boulay Certifications, LLC will take action to correct inappropriate links or statements by the consultancy organization. Additionally, Boulay Certifications, LLC shall not state or imply that certification would be simpler, easier, faster, or less expensive if a specified consultancy organization were used.
  8. Boulay Certifications, LLC shall not allow personnel who have provided management system consultancy, including those acting in a managerial capacity, to take part in an audit or other certification activities unless a minimum period of two years has passed since the end of the most recent management systems consultancy.
  9. Boulay Certifications, LLC shall take action to respond to any threats to its impartiality arising from the actions of other persons, bodies, or organizations.
  10. If performing an audit of an organization’s information security management system (ISMS), Boulay Certifications, LLC shall not provide internal information security reviews of the client’s ISMS subject to certification. Additionally, Boulay Certifications, LLC shall be independent from the body or bodies (including any individuals) which provided the internal ISMS audit.

Below please find the terms and conditions related to our certification and the use of Boulay’s logo. Clients are required to agree to the following before issuance of their ISO 27001 certificate:

  • Not to make any modifications to the certification document issued by Boulay.
  • Not to use the certification mark on a product or product packaging, nor in any other way that may be interpreted as denoting product conformity.
  • Not to apply the certification mark to laboratory test, calibration or inspection reports or certificates.
  • Not to make any statements on product packaging or in accompanying information (separately available or easily detachable) that Boulay has a certified management system.
  • Not to make or permit any misleading statement regarding the certification.
  • Not to use or permit the use of a certification document or any part thereof in a misleading manner.
  • Upon withdrawal of its certification, to discontinue the use of all advertising matter that contains a reference to certification.
  • To amend all advertising matter when the scope of the certification has been reduced.
  • Not to allow reference to the management system certification to be used in such a way as to imply that Boulay certifies a product (including service) or process.
  • Not to imply that the certification applies to activities and sites that are outside the scope of certification.
  • Not to use the certification in such a manner that would bring Boulay and/or its certification system into dispute or result in a loss of public trust.

Boulay Certifications, LLC is responsible for making certification decisions, including the granting, refusing, maintaining, renewing, suspending, restoring or withdrawing of certification. The client is responsible for maintaining compliance with ISO 27001 requirements during the period of certification.

Following audit completion, including the remediation of any identified nonconformities, the audit report and the Lead Auditor’s recommendation on whether or not to grant certification to a client are submitted to the Audit Quality Review (QR) department, which has final authority for making the certification decision. If the decision is to certify a client, the ISO 27001 certificate will be issued. If the decision is not to certify a client, we will provide a written explanation to the client regarding the decision.

Decisions on whether to maintain, renew or restore a certification following surveillance or recertification audits undergo a similar process with the Audit QR department maintaining authority for the decision, based on the audit results and recommendations of the Lead Auditor.

Boulay Certifications, LLC reserves the right to suspend, withdraw, or reduce the scope of the certification in the event the client is not maintaining compliance with ISO 27001 requirements.

If a client believes the assigned Boulay ISO project team has not provided a suitable resolution, the client may appeal certification and/or suspension decisions made by Boulay. To request an appeal, please complete this form.

Boulay takes complaints against itself or its clients seriously. Complaints will be investigated and dealt with in a fair and prompt manner. To submit a complaint, please complete this form.

What is ISO 27001?

The ISO (International Organization for Standardization) 27001 standard is a globally accepted standard for information security. It was created to help organizations protect their valuable information in an organized and proactive manner through the implementation of an Information Security Management System (ISMS). An effective ISMS demonstrates how an organization has integrated information security into its everyday business processes and provides a framework for handling information security challenges.

ISO 27001 requires company leaders to assess their organization, identify pertinent information security risks, and implement appropriate controls to address and mitigate the identified risks. ISO 27001 lists over 100 possible controls; a company selects, implements, and assesses those that are relevant to its environment.

Achieving ISO 27001 compliance is strategic for organizations that operate in or wish to expand into international markets. Whereas certain security frameworks, such as SOC 2, are commonly accepted in the U.S., ISO 27001 carries significance on the international stage. Through an ISO 27001 certification, organizations can demonstrate their strong information security practices with an internationally recognized certification.

Ongoing Support for Continued Security

If your organization is seeking an ISO 27001 certification, our Risk Advisory team is dedicated to helping you get there. Connect with us today to learn more about how we can assist with your ISO 27001 certification requirements.

Risk Advisory Team

Contact Our Risk Advisory Team

Let our team provide expert guidance and solutions to assist with your technology risks.

Get Connected

To learn more about how we can help, contact us by phone at 952.893.9320 or email us.



©2021-2024 Boulay. All rights reserved.