Audit & Assurance Services

ISO Certifications

Elevate security posture through ISO Certifications and show your proficiency in information security, data privacy and other key areas.

What We Offer
Suite of Services

International data and cybersecurity certifications play a key role in helping you mitigate risk, achieve sustainable growth and successfully operate globally.

Armanino Certified, LLC offers the following certifications:

Audits, Reviews
ISO 27001 Certification
Provides a framework and methodology for design, monitoring, and continuous improvement of an Information Security Management System (ISMS)
ISO 27701 Certification
An extension framework to the ISO/IEC 27001 standard that provides requirements for the design and implementation of privacy for organizations (PIMS)

ISO 27001 Certification Process Overview

Initial Audits

In an initial year of a certification audit, the audit includes two stages.

Stage 1 Audit: First, Armanino Certified, LLC will review your Information Security Management System (ISMS) and Privacy Information Management System (PIMS) and confirm they comply with the ISO 27001 standard. Upon completion of this stage, you will receive a detailed report identifying any areas of concern.

Stage 2 Audit: Once Stage 1 is complete, Stage 2 begins, and tests the conformance of the ISMS and PIMS. During the on-site audit, we will perform testing procedures, including conducting interviews, observing processes and inspecting artifacts, to determine and document conformance.

Surveillance Audits

To ensure your organization’s ISMS and PIMS continue to demonstrate conformance with ISO 27001, surveillance audits are required to maintain certification. Surveillance audits serve many purposes: confirming the scope is consistent with the original certification, ensuring improvement of the ISMS is present and confirming that validation of ongoing monitoring procedures is being performed. Certification is valid for three years, but requires a surveillance audit in years two and three. It’s required to complete surveillance audits between 12 and 24 months of the initial certification decision date.


A recertification audit is conducted after the surveillance period to maintain continued certification. Similar to initial certification, this is a full audit of all of the required ISMS and PIMS, as well as prior performance, changes to the system or standard and potential changes to scope. Upon the successful completion of a recertification audit, a decision to remain certified will be made before your next surveillance period starts.

For certification validity, please email [email protected]

Things To Know

Armanino Certified

Armanino ISO Certification Seal

Certificate Decisions

As your certification body, we have defined criteria for all certification decisions including granting, refusing, maintaining, renewing, suspending, restoring and withdrawing the certificate. These processes follow the requirements defined in ISO/IEC 17021 and other normative documents.

Armanino Certified, LLC communicates with our clients through the engagement team regarding all certification decisions. All decisions related to certification are approved by Armanino Certified, LLC leadership, and are required to adhere to our document certification processes.

Our Impartiality Statement

As part of our commitment to impartiality with our applicant and certified organization relationships, Armanino Certified, LLC manages neutrality on an individual staff auditor level and on an account level to ensure objectivity across all assessment activities. Armanino Certified, LLC has also established an impartiality committee to review the effectiveness of these controls. The committee has the authority to make decisions affecting the business to safeguard against the compromise of impartiality, such as by actions of self-interest, self-review, familiarity or intimidation.

Armanino Certified, LLC Logo Use

Armanino Certified, LLC’s ISO 27001 and ISO 27701 certification logo is only to be used to illustrate conformance with the standards. The use of our name and logos regarding ISO 27001 and 27701 certifications are governed by the terms and conditions in our contracts with clients. Armanino Certified, LLC monitors the use of its name and logo to ensure compliance with our contractual agreement and ISO 17021-1.


Armanino Certified, LLC reserves the right to suspend certificates of its clients at any time due to situations involving, but not limited to, violations to the certificate agreement, negligence, concealment of material facts, non-conformance to the underlying audit criteria, investigations, complaints, and unpaid invoices for services rendered.

Certification is invalidated at any point within a suspension period. For certification validity, please email [email protected].


The Armanino Certified, LLC audit team strives to clearly communicate the justification for its decisions related to certification activities. When a situation arises wherein the client does not agree with the audit team, the client may appeal the decision to Armanino Certified, LLC management. A point of contact, who is separate from the audit team, will be assigned to research the appeal Armanino Certified, LLC leadership will review the results of the research and communicate the decision to the client. Appeals may be generated directly with the client’s audit team or by emailing [email protected]


Complaints filed against Armanino Certified, LLC or our certified clients are received, handled, and resolved in accordance with ISO 17021-1. Armanino Certified, LLC has developed a process managed by a team independent of our audit team to document and track complaints. Complaints will be investigated and resolved in accordance with our documented policies. The complaint initiator will be kept informed throughout the process and at the time of complaint resolution. For any complaints, please email [email protected].

Patrick Hall - Partner, Audit - San Ramon CA | Armanino
Patrick is a partner in the Risk Assurance & Advisory practice leading the firm’s SOC and HITRUST practices.

San Ramon, CA
Mark Knight - Risk Assurance & Advisory| Armanino
Mark is a partner in the firm's SOC practice and leads the firm's cybersecurity and privacy practices.

Austin, TX
Arti Lalwani - Consulting | Armanino
Managing Director
Arti is a managing director in the Trust practice leading the firm’s ISO practice focused on ISO 27001 audits.

Nashville, TN
Need to Talk?

We're Here for You

If you have any questions or just want to reach out to one of our experts, use the form and we'll get back to you promptly.

For more information about ISO Certifications at Armanino Certified, LLC please contact: [email protected]