ISO 27001 Certification

Illustrate your conformity to ISO 27001 to customers and interested parties by obtaining ISO 27001 Certification

Obtain ISO 27001 Certification to demonstrate conformity of your Information Security Management System (ISMS) requirements and create a framework that illustrates your security posture to current and potential organizations.

ISO 27001 provides an international standard and methodology for the implementation, management and maintenance of information security for organizations. Obtaining ISO 27001 certification demonstrates conformity of your Information Security Management System (ISMS) requirements and is a framework that can illustrate your security posture to current and potential organizations.

Marcum RAS, LLC is a certification body for ISO 27001 and can provide your organization with the following services:

  • Scope Assessment: As part of the initial engagement, we will perform a comprehensive understanding of the services and systems that are under review. After obtaining a clear and thorough understanding of our client’s environments, we will customize an audit plan and provide access to an online collaboration tool that includes all required documentations, identification of key personnel responsible from Marcum RAS, LLC and the client and documented milestones within our project calendar.

  • Stage 1 Audit: As part of the Stage 1 audit, Marcum RAS, LLC reviews your company’s documentation to confirm that it is in compliance with the requirements of ISO 27001. At the completion of this stage, clients are provided with a detailed report identifying any nonconformities. In additional to the deficiencies/nonconformities report, Marcum RAS, LLC will provide you with a roadmap of next steps required; this will depend on the results from the Stage 1 audit.

  • Stage 2 Audit: Once organizations complete Stage 1, you move into Stage 2, which tests the conformance of the ISMS with ISO 27001. During the onsite audit, we will perform testing procedures such as interviews, observation of processes and inspection of artifacts to support your conformance of ISMS with ISO 27001.

  • Surveillance Audit: To ensure that your organization’s ISMS continues to demonstrate conformance with ISO 27001, surveillance audits are required to maintain certification. Surveillance audits are designed to confirm the scope is consistent with the original certification, improvement of the ISMS is present and validation of ongoing monitoring procedures are being performed. Certification are valid for three years, but require a surveillance audit in year two and three.  Surveillance audits are required to be completed within 12 and 24 months of the initial certification decision date.

Audit Process

Marcum RAS, LLC has developed an audit methodology for conducting ISO 27001 certification audits that is in conformity with ISO 17021:2015. The methodology addresses the steps of the certification cycle including Stage 1, Stage 2, Certification Decision, as well as the ongoing Surveillance audits that are required.

We communicate the audit expectations, timing, and deliverables to our clients through the audit planning documentation, kick-off/closing meetings, status sheets available through our client portal and regular meetings. Marcum RAS, LLC standard methodology provides consistency to the certification audits process.

Certificate Decisions

As your certification body for ISO 27001, we have defined criteria for all certification decisions including granting, refusing, maintaining, renewing, suspending, restoring and withdrawing the certificate. These processes follow the requirements defined in ISO 17021:2015.

Marcum RAS, LLC communicates with our clients through the engagement team regarding all certification decisions. All decisions related to the ISO 27001 certification are approved by Marcum RAS, LLC senior leadership, and are required to follow our document certification processes.

Marcum RAS, LLC Name and Logo

Marcum RAS, LLCs' ISO 27001 certification logo is only to be used to illustrate conformance with ISO 27001. The use of our name and logo in regards to ISO 27001 certifications are governed by the terms and conditions in our contracts with clients. Marcum RAS, LLC monitors the use of its name and logo to ensure compliance with our contractual agreement and ISO 17021:2015.


Marcum RAS, LLC audit team strives to clearly communicate the justification for their decisions related to the certification activities. When a situation arises where the client does not agree with the audit team, they may appeal the decision to Marcum RAS, LLC leadership. A point of contact, who is separate from the audit team, is assigned to research the appeal Marcum RAS, LLC leadership will review the results of the research and communicate the decision to the client. Appeals may be generated directly with the client’s audit team or by submitting here


Complaints filed against Marcum RAS, LLC or our certified clients are received, handled and resolved in accordance with ISO 17021:2015. Marcum RAS, LLC has developed a process managed by a team independent of our audit team to document and track the complaint. The complaint will be investigated and resolved in accordance with our documented policies. The complaint initiator will be kept informed through the process and of the complaint resolution. Complaints can be submitted here.


Inquiries regarding status of a given certification or inquiries on geographical areas that we operate can be submitted here. Received inquiries will be responded to in 48 business hours.


Part of our certification bodies services to remain impartiality at all times. Our personnel and the organization are always independent from our clients. Our Certification decisions are based on objective criteria and are not influence by bias or prejudice. Marcum has an independence committee whose role is to evaluate new and current client relationships to ensure that the impartiality of our certification services are safeguarded.

Marcum operates in accordance with ISO/IEC 17021-1:2015 and adheres to all impartiality requirements.

For more information about ISO 27001 Certification at Marcum RAS, LLC, please complete the form below or call Ben Osbrach at 440-449-6800.

Ben Osbrach


We offer a detail-oriented process for your organization to obtain ISO 27001 Certification that illustrates your security posture to current and potential customers. 

Ben Osbrach

Related Resources