Impartiality and Inquiries

Introduction

​

At the core of Sentry Assurance’s impartiality policy is Sentry Assurance’s management’s commitment to maintaining independence, in fact, perception and removing threats to impartiality. Sentry Assurance defines threats as a relationship that threatens the impartiality based on ownership, governance, management, personnel, shared resources, finances, contracts, marketing, and payment of a sales commission and/or other inducements for the referral of new clients.

​

Review and analysis of impartiality are conducted on an ongoing basis as well as annually with regards to all prospects, clients, and personnel to ensure all conflicts of interest and threats to impartiality are identified, reviewed, analyzed, resolved, and monitored. In addition, Sentry Assurance’s review process ensures that we do not perform audit services for clients where non-audit services have been performed and that ISO management consulting services are not performed by Sentry Assurance.

​

Sentry Assurance’s leadership ensures adherence to the impartiality policy through periodic management reviews, automated monitoring tools, internal audits, and formal risk assessments of our audit processes.

Sentry Assurance operates under and complies with the independence requirements established by the American Institute of Certified Public Accountants, ISO/IEC 17021 and ISO/IEC 27006 and has developed this impartiality policy and supporting procedures to ensure ongoing compliance.

ISO 27001 Certification Process

Scope Assessment

As part of the initial engagement, we will perform a comprehensive assessment of the services and systems under review. After obtaining a clear and thorough understanding of our client’s environments, we will customize an audit plan and provide access to an online collaboration tool that includes all required documentations, identification of key personnel from both Sentry Assurance and the client and documented target milestones within our project calendar.

Stage 1 Audit

​

As part of the Stage 1 audit, Sentry Assurance reviews your company’s documentation to confirm it is in compliance with the requirements of ISO 27001. At the completion of this stage, clients are provided with a detailed report identifying any nonconformities. In addition to the deficiencies/nonconformities report, Sentry Assurance will provide you with a roadmap of next steps.

​

Stage 2 Audit

​

Once your organization completes Stage 1, you move into Stage 2, which tests the conformance of the ISMS. During the onsite audit, we will perform testing procedures such as interviews, observation of processes and inspection of artifacts to determine and document conformance.

​

Surveillance Audit

​​

To ensure that your organization’s ISMS continues to demonstrate conformance with ISO 27001, surveillance audits are required to maintain certification. Surveillance audits are designed to confirm the scope is consistent with the original certification, improvement of the ISMS is present and validation of ongoing monitoring procedures is being performed. Certification is valid for three years, but requires a surveillance audit in years two and three. Surveillance audits are required to be completed between 12 and 24 months of the initial certification decision date.

​

Recertification

​

A recertification audit is conducted after the surveillance period to demonstrate a complete ISMS audit to maintain continued certification. Similar to initial certification this is a full audit of all of the required ISMS and prior performance, changes to the system or standard, and potential changes to scope. Upon successful completion of your recertification audit and decision to remain certification will be made prior to entering into your next surveillance period.

​

Audit Process

​

Sentry Assurance has developed a methodology for conducting ISO 27001 a certification audits that is in conformity with ISO 17021. The methodology addresses the steps of the certification cycle including Stage 1, Stage 2, and Certification Decision, as well as the ongoing required surveillance audits.

​

We communicate audit expectations, timing, and deliverables to our clients through audit planning documentation, kick-off/closing meetings, status sheets available through our client portal and regular meetings. Sentry Assurance standard methodology provides consistency to the certification audits process.

Certificate Decisions

Information on the certification body’s processes for granting, refusing, maintaining, renewing, suspending, restoring, or withdrawing certification or expanding or reducing the scope of certification is defined below.

​

Granting of certification:

​

Upon completion of the initial certification, recertification or certification transfer audit process, Sentry Assurance’s certification decision maker will perform a comprehensive review of the audit file and any corrective action plans and supporting evidence. The review will verify that the Company’s management system is in conformance with the applicable ISO standard and non-conformities have been properly addressed. Upon successful completion of this review, Sentry Assurance grants the certification.

Refusing of certification process:

Should Sentry Assurance’s certification decision maker’s comprehensive review of the submitted audit package result in the identification of open issues or non-conformities, Sentry Assurance’s certification decision maker shall withhold the granting of certification until such time that the Company can demonstrate all criteria for certification has been achieved. If the Company exceeds the allowable remediation period outlined in the applicable standard a new initial certification audit will be required.

​

Maintaining certification process:

​

Sentry Assurance requires that over the lifecycle of the certification, annual surveillance audits must be completed in years two and three, with a recertification audit to be completed prior to the expiration of the certification. Sentry Assurance’s certification decision maker may suspend or withdraw the Company’s certification if the required audits are not performed or open non-conformities have not been properly addressed.

​

Suspension of certification process:

​

Sentry Assurance will initiate its suspension process if the Company does not re­-establish conformance of its management system standard requirements within the allowable timeline, fails to abide by the contract terms and agreements or fails to perform the required audits.

​

Restoring of certification process: 

​

Sentry Assurance will restore a certification that has been placed on suspension once all outstanding issues have been closed and verified as such through off-site or on-site review.

​

Withdrawal of certification process:

​

Sentry Assurance will withdraw a certification as a direct result of, but not limited to, non-performance of audits, miss-representation, non-closure of open corrective action, failure of the appeals processes to close an open corrective action or at the request of the Company.

​

Expansion of certification process:

​

At the request of the Company through an application process, Sentry Assurance will request and review documentation supporting the additional scope. Upon completion of the review, an on-site audit will be performed to determine conformance of the Company’s additional scope with the applicable ISO standard. This may require an addendum to the contract and/or additional fees.

​

Reduction of certification process:

​

Sentry Assurance may require that the Company’s scope of certification be reduced if it is determined that the scope is no longer valid. Sentry Assurance’s certification decision maker will approve a request from the Company for scope reduction if audit procedures support that the scope is no longer applicable to the Company’s business. Sentry Assurance’s certification decision maker will refuse scope reduction if the reduction is to avoid non­-conformities.

​

Sentry Assurance’s Name and Logo

​

Sentry Assurance has developed a trademarked logo that demonstrates our certified clients’ conformance with relevant ISO standards. The rules associated with the use of our name and logo regarding ISO certifications are documented in the terms and conditions of our contract and again upon successful certification for our clients. Sentry Assurance monitors the use of its name and logo to ensure compliance with our contractual agreement, ISO 17021 and ISO 27006.

​

Appeals and Complaints

​

APPEALS

​

Appeals filed against Sentry Assurance are received, handled and resolved in accordance with ISO/IEC 17021-1. Sentry Assurance’s audit team strives to clearly communicate the justification for their decisions related to the certification and inspection services. When a situation arises where the client does not agree with the audit team they may appeal the decision to Sentry Assurance’s leadership. A point of contact, who is separate from the audit team, is assigned to research the appeal. Sentry Assurance’s leadership will review the results of the research and communicate the decision to the client. Appeals may be generated directly by the client’s audit team or by emailing: Appeals@SentryAssurance.com.

​

COMPLAINTS

​

Complaints filed against Sentry Assurance, or our certified clients, are received, handled and resolved in accordance with ISO/IEC 17021-1. Sentry Assurance has developed a process managed by a group independent of our audit team to document and track the complaint. The complaint will be investigated and resolved in accordance with our documented policies. The complaint initiator will be kept informed throughout the process and of the complaint resolution. Complaints may be filed by emailing: Complaints@SentryAssurance.com.

​

Information Requests

​

Inquiries may be submitted directly to Sentry Assurance, including areas where we operate, certificate status and information for our certified clients by emailing: ISOAccreditation@SentryAssurance.com.