+31 (0)73 - 220 2000 | info@brandcompliance.com
English
  • Dutch
  • English
  • Beglië
  • Dutch
  • English
  • Beglië
Brand Compliance
  • Certify
    • ISO 9001
    • ISO 22301 (BCM)
    • ISO 19770-1 (IT-assets)
    • ISO 27001
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 27701 (Privacy)
    • NEN 7510
  • IT Assurance
    • SOC 2
  • Vacancies
  • Knowledge base
  • BC Academy
Contact
  • Information security
    • ISO 19770-1
    • ISO 27001
    • ISO 27017 and ISO 27018
    • ISO 27799
    • BIO
    • NEN 7510
    • SOC 2
    • ISAE 3402
  • Privacy
    • Whitepaper BC 5701
    • AVG standard BC 5701:2023 NL
    • GDPR standard BC 5701:2023 EN
    • GDPR standard BC 5701:2024 EN
    • BC 5701
    • ISO 27701
  • Quality
    • ISO 9001
    • ISO 14001
    • ISO 22301
  • Knowledge base
  • News
  • Academy
    • NIS2 training course
    • ISO 27001 training courses
    • BC 5701 training courses
  • About us
    • Start your certification journey
    • Accreditations
    • Compliment, complaint or tip
    • Privacy Statement
    • Vacancies
    • Contact

Certification process

10
  • Checklist certification
  • Do you have your first audit soon?
  • How long does ISO certification take?
  • What is a certification cycle?
  • Applying for a certification process
  • Initial audit Stage 1
  • Initial audit Stage 2
  • Nonconformities management system
  • Certificate suspended or revoked? This is how you solve it!
  • Transfer of certification

BC 5701

5
  • BC 5701 certification: where do you start?
  • Your record of processing activities and the GDPR
  • Your Data Protection Officer and the GDPR
  • Checklist for your BC 5701 certification
  • Data breach: What is it and how do you prevent it?

General

9
  • SOC 2 or ISAE 3402: which standard suits your organization?
  • The Traffic Light Protocol (TLP): what does it mean for you?
  • The Brand Compliance glossary
  • What is a management system?
  • Internal or external audit?
  • Find out more about internal audits
  • Tips to describe a proper scope
  • Accreditation versus certification
  • The use of certification logos

ISO 27001:2022

3
  • Operational Capabilities: The Backbone of Information Security
  • ISO 27001:2022 – FAQ transition
  • ISO 27001:2022 – Transition process

Whitepapers

2
  • Whitepaper management system audits
  • Whitepaper GDPR Certification Standard and Criteria BC 5701

Best practices

3
  • Mastering GDPR compliance: best practices
  • Excelling in information security: best practices
  • Quality Management: best practices for success

NEN 7510

4
  • Transition to NEN 7510-1:2024
  • NEN 7510 without healthcare institution?
  • How to expand with NEN 7510
  • The differences between ISO 27001 and NEN 7510

NIS2 Directive

2
  • NIS2 liability
  • NIS2 & the Belgian CyberFundamentals
View Categories

What is a certification cycle?

3 min. leestijd

certification cycleYou have been certified!

From the moment you obtain the certificate, the certification cycle starts. In this article we inform you about the course of an ISO certification cycle.

How long is the validity period of an ISO certificate?

An ISO certificate is valid for the duration of a full certification cycle, which takes 3 years. A certification cycle consists of multiple, recurring activities. After the initial certification and obtaining the certificate, a surveillance audit will take place in the first 2 subsequent years (i.e., 2 times). After the 2 surveillance audits, the recertification will take place. The recertification must be completed within three years of the initial audit (the certification date).

If the recertification is achieved, you will receive a new certificate with adjusted dates. After this, the same cycle follows as described after the initial certification. This means that a surveillance audit will take place 2 times in the following 2 years.

The cycle keeps repeating itself in this way. After the 2 surveillance audits, the recertification takes place again. And so on, and so on.

Timeline of a certification cycle

The image below provides insight into the timeline of a certification cycle.

certification cycle

What is a surveillance audit?

In short, the focus during the surveillance audits is on the following aspects:

  • Internal audits and management review;
  • Previously identified nonconformities;
  • Complaint handling by your organization;
  • The objectives and results of the management system;
  • Continuous improvement;
  • Operational control of your activities;
  • Assessment of any changes within the scope of certification;
  • The use of logos and references to the certification.

You will receive a report from Brand Compliance after each surveillance audit. This report includes a summary of the positive points identified during the audit. Attention is also paid to any possibilities for improvement or observed nonconformities. It is important that you handle nonconformities in accordance with the established procedure and deadlines, in order to maintain the validity of your certificate.

What is a recertification?

The purpose of a recertification is to confirm the continuity and effectiveness of your management system and activities within the scope of the certification. The design of a recertification audit is similar to a stage 2 audit of the initial certification. Here too, it is important that you handle nonconformities in accordance with the established procedure and deadlines, in order to be able to issue a new certificate to you in good time.

Changes

Does your management system or process change significantly during the certification cycle? Then you must inform Brand Compliance.

This includes, for example, changes related to:

  • The legal form, organizational form or ownership;
  • Organization and management;
  • Contact address and locations;
  • The scope of the certified management system;
  • Major changes to the management system and processes;
  • The Statement of Applicability (only applicable to ISMS).

Brand Compliance will review the submitted changes in relation to the requirements of the standard. Major changes may lead to an extra audit being carried out. Minor changes can in some cases be assessed during the next surveillance audit or during recertification.

Questions?

If you have any further questions regarding the audit cycle or other questions, you can contact us at any time via:

  • This field is for validation purposes and should be left unchanged.

Share This Article :
  • Facebook
  • X
  • LinkedIn
Updated on 24 April 2025
How long does ISO certification take?Applying for a certification process

Accreditation

RvA C548Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701 NEN 7510 and ISO 9001 scope 33 information technology and 35 other services.

Brand Compliance B.V.

Hambakenwetering 8D2
5231 DC ‘s-Hertogenbosch

+31 (0)73 220 2000
info@brandcompliance.com

Chamber of Commerce nr.: 32101659
VAT nr.: NL8130.78.854.B01

Brand Compliance Belgie B.V.

Uitbreidingstraat 66
2600 Berchem (Antwerpen)

+32 (0)14 48 0730
be-info@brandcompliance.com

VAT nr.: BE0735.675.516

Brand Compliance Nordics AB

Vasagatan 16 2 TR
111 20 Stockholm

+31 (0)73 220 2015
info@brandcompliance.com

Org.nr: 559238-1387

© Copyright 2025 Brand Compliance
Thank you for your rating!
Thank you for your rating and comment!
This page was translated from: Dutch
Please rate this translation:
Your rating:
Change
Please give some examples of errors and how would you improve them: