top of page

Certifications

Helping You Become Great

Transition Requirements for ISO/IEC 27001:2022

On 25th October 2022, ISO 27001:2022 was release, replacing the version from 2013 to address the growing global cybersecurity challenges. With the rise in cyber-crimes and with new threats constantly emerging, ISO/IEC 27001:2022 helps organisations manage cyber-risks by proactively identifying and addressing their weaknesses. Through implementation, maintenance, and continual improvements in Information Security Management Systems, this new standard will secure information assets which is vital in today’s digital world.

BRS Standard Certification Services

  • ISO9001 Quality Management System (QMS)

  • ISO14001 Environmental Management System (EMS)

  • ISO45001 Occupational Health and Safety (OHS)

  • ISO22000 Food Safety Management System (FSMS)

  • ISO27001 Information Security Management System (ISMS)

  • ISO22301 Business Continuity Management System (BCMS)

  • ISO13485 Medical Devices Management System (MDMS)

  • Good Manufacturing Practices (GMP)

  • Hazard Analysis Critical Control Points (HACCP)

Certification Process

The certification process involves BRS assessing your organization in order to ensure that the management systems meet the requirements of one or recognized standards.

BRS-certified customers hold the right to publicly inform their certification status in the Certificate of Registration (CoR) and usage of the BRS Registered Mark. Continuous assessments through surveillance of the organization's processes and activities are required as evidence of continuing adherence to the protection of communities and consumers to applicable legal obligations, regulations, and contractual agreements. The information obtained from the assessment is confidential and is reflected in the reporting. 

Certification Steps:

1. Application

Firstly, new clients are to complete a questionnaire form sent by the BRS Marketing team for review and analysis. Once the review has been completed, the BRSMarketing team will prepare an official Quotation for the customer. Next, we will send the Terms of Business Agreement for the signed Quotation to the client for their acceptance.  

2. Conducting Audits

The BRS team will review the information received during the application stage and plan for the audit by determining the audit time as per the scope of the certification, audit team competency, and review of the impartiality. The Audit Plan will be sent to the client to notify the proposed audit schedule before the audit commences. All of our BRS team members have signed the confidentiality statement to ensure that all information gathered during the audit will be kept confidential to protect the client's information. When BRS is required by law to release confidential information, the client will be notified of the information provided.

Types of the Audits:

(a) New Company 

The Inital Audit comprises of Phase 1 (P1) and Phase 2 (P2) audits. 

The objective of the P1 Audit is to carry out a documentation audit, confirm the certification scope and the company's readiness to proceed to P2 Audit. 

P2 Audit is to assess the company's system effectiveness in implementation to conform to the ISO standard. 

(b) Existing Certified Companies

Surveillance Audit (SA) -  after a successful P2 Audit, the certified company will have two annual Surveillance Audits, one audit per year for two years. The BRS Audit team will carry out surveillance activities so that BRS can maintain confidence that the company's management system continues to fulfill the requirements of the standards.

Re-certification Audit (RA) - after two successful Surveillance Audits,  a full audit similar to the P2 Audit will be carried out on-site. The purpose of this RA is to confirm the continued conformity and effectiveness of the company's management system as a whole, and its continued relevance and applicability for the scope of certification.

Special Audits - example of this special audit is for a company's expansion scope, investigating customer complaints to the certified company, re-audit for the major non-conformance and etc.

3. Certification Decision

Granting Certification -

The BRS Certification Review  Committees (CRC ) will approve the company for certification after the client's company has successfully completed the audit with the rectification of the audit findings applicable to the types of the audit. BRS Certified companies can use the BRS logo as per the BRS Logo guidelines.

Refusing Certification -

The CRC will refuse the certification for any of the following reasons but not limited to, any major non-conformance found by the audit team for a situation that has risk and threatened the audit or if the audit did not comply with the ISO17021 and IAF requirements.

Voluntary Suspension or Involuntary Suspension -

Companies can request a voluntary suspension for up to a maximum of six (6) months and the request must be submitted in writing. Involuntary suspension can be due to the CRC's refusal of registration for the serious failure to meet certification requirements and failure to take effective corrective actions within the set timeline. This includes failure to pay the fees due after a written notice is issued by BRS.  A special audit will be required for BRS Auditor to re-assess the suspended company on its management system to ensure the system meets the certification requirements, relevant legislation, and BRS procedures. After a satisfactory assessment has been completed, the suspension status will be lifted and the company's original certification status can be reinstated.

Restoring -

This is to resume the registration back to the previous status after the suspension period ends or anytime before the six (6) months suspension period if requested by the client to restore its certification status. A special audit is required before restoring the certification.

Withdrawing -

At the end of the suspension period, the client will need to inform the BRS team to either withdraw its certificate or restore its previous status. If the final decision is to withdraw the certificate, the certified company will be deleted from the BRS's certified list and the company will be notified to return its certificate to BRS or to arrange other destruction methods.

Transfer Certificate -

CRC will review whether the company has an active registration with another CB or an inactive registration status. For the inactive registration status, the company is considered a new company and will undergo the Initial Audit stages. For the active registration with another CB, the CRC will need to review this based on a case-by-case basis. 

Our Accreditation 

bottom of page