Steps To Certification

Gather Information

  • Visit the Insights Association ISO Page for implementation tools and educational content.
  • Visit the CIRQ website for the step-by-step certification process.

Purchase the Standard(s) from ANSI

*this revises ISO 20252:2006

Understand the Standard(s)

  • Read the standard(s) and, using four colored highlighters, look for the following words and highlight each in a different color:
    • "shall" means you must do this; it is a requirement of the standard
    • "procedure" tells you what documented procedures you need to have in place
    • "record" means you need to be able to show a record (i.e. evidence) of performing this task or function
    • "document" means the event, occurrence or process must be written down (i.e. documented)
Completing this task will help provide an understanding of the standard's requirements.

Establish Staff Support

  • Appoint a Quality Manager or Team (Note: Quality Manager is usually NOT a full-time position)
  • Garner top-level support (CEO)

Determine Scope of Certification

  • A description of the total services you provide to a client
  • The geographic area of those services
  • Any exclusions that may apply
This scope will be included on the CIRQ Registry once the company achieves certification and will also be listed on the Certificate of Compliance.

Request Quote

  • Submit a "Request For Quote".
  • A cost estimate will be generated from this information and provided to you along with a Standard Certification Agreement.
  • If you are ready to proceed, you then complete a brief "Authorization to Proceed" form.
  • For ISO 27001 certification, please send email to to receive an application.


  • Client receives self-assessment from CIRQ
  • Client completes CIRQ self-assessment form indicating compliance with each applicable section of the ISO 20252 and/or 26362


  • CIRQ evaluates client self-assessment against the components of the standard(s) and prepares a pre-assessment report that indicates the client's readiness to be audited
  • For ISO 27001, upon approval of the application and estimated fees, a Stage 1 and Stage 2 audit will be scheduled.

Audit Plan

  • CIRQ and client communicate regarding the schedule of the initial onsite audit, sites to visit, fees, etc.

Onsite Audit

  • CIRQ auditor(s) conduct the onsite audit, beginning with the client headquarters and continuing with the agreed-upon additional locations, if any

Audit Report

  • Results of the audit are documented by the Lead Auditor and a report is submitted to CIRQ and subsequently to the client


  • Audit report and final invoice are submitted to the client
  • Upon successful completion of the audit and final payment, the certificate of compliance is issued

Client Feedback

  • Formalized client interview is requested after each audit or client assessment event

1st Surveillance Audit

  • Planning of the 1st surveillance audit begins 3 months prior to the 1st surveillance and will be completed 12 months from the last audit

2nd Surveillance Audit

  • Planning of the 2nd surveillance audit begins 9 months following the 1st surveillance audit and will be completed 12 months from the last audit


  • Scheduling of the re-certification audit begins 9 months following the 2nd surveillance audit and will be completed 3 years from the first initial audit