CERTIFICATO IWZ logo
English | Italian | AR
Certification Request
CERTIFICATO IWZ — International Certification Services

CERTIFICATION REQUEST

Please select and fill in only the applicable sections (organization and/or products).
List of products to be certified (if applicable)
Product name Category / Family Brand Production site Notes (critical ingredients, suppliers, volumes, etc.)
Are other ISO schemes implemented in the organization?
Is the management system part of an Integrated Management System (IMS)?
Head office / main site
Address Core process / activities (ATECO/NACE) Effective number of employees (FTE) Work shifts (details) Similar work only for claims reduction
Operational offices / sites (if any) (Fill in if other operational sites are present.)
Address Core process / activities (ATECO/NACE) Effective number of employees (FTE) Work shifts (details) Similar work only for claims reduction
Temporary offices / sites (if any) (Fill in for construction sites, temporary or mobile sites.)
Address Core process / activities (ATECO/NACE) Effective number of employees (FTE) Work shifts (details) Similar work only for claims reduction

OTHER INFORMATION FOR EACH ISO SCHEME

# Question / Requirement Yes / No Remarks
Information and Scope of the Management System
1 Does the organization belong to a Group, Holding Company, Corporation, etc.?
Information and Scope of the Management System
2 Is the management system currently implemented?
3 Are there any requirements of ISO 9001 excluded? If so, what are the excluded requirements and what are the reasons for the exclusion?
4 Are there any processes / products / services / activities that are excluded from the scope of the management system? If so, what are they and what are the reasons for the exclusion?
5 Are there any operational sites excluded from the scope of certification?
6 Are the activities covered by the certification outsourced?
Operational and logistical activities
7 Does the organization carry out activities in sites open to the public?
8 Are there workers operating outside the organization's premises?
9 Are there any activities or places with restricted access that require formal permission for entry?
Health, safety and risks
10 Does the organization use dangerous substances and/or preparations?
11 Are there activities with a major accident risk?
12 Are there any activities that require fire checks?
13 Are there any legal obligations regarding occupational health and safety?
14 Have there been cases of occupational diseases contracted by employees?
15 Have there been any injuries in the last year? If so, what was the number of accidents recorded and of what nature?
ISO 27001
16 Have there been any cases of cyber incidents in the last year? If so, how many were there and of what nature?

ONLY ISO 27001 Additional Details

ONLY ISO 27001 SOA and critical asset information

Mandatory: Please attach SOA – Declaration of applicability

Which are the sites where the critical assets are located for certification purposes (e.g. servers and server locations)

Asset / name / provider Site / address Processes / activity

Factors for calculating and adjusting audit time
ISO/IEC 17021-1:2015 – Annex D – Table D.1

a) Complexity of the ISMS — Select level (1–3)

How complex is your ISMS in terms of information security requirements, number of critical assets, and business processes?

b) Type(s) of business performed within scope of the ISMS — Select level (1–3)

What kind of business activities does your organization carry out in the context of the ISMS?

c) Previously demonstrated performance of the ISMS — Select level (1–3)

What is the current state of performance of your ISMS?

d) Extent and diversity of technology used within the ISMS — Select level (1–3)

What is the extent and diversity of the technology used to implement the ISMS?

e) Extent of outsourcing and third-party arrangements — Select level (1–3)

To what extent are outsourcing and third-party agreements used within the ISMS?

f) Extent of information system development — Select level (1–3)

What is the extent of information system development activities within your organization?

g) Number of sites and disaster recovery (DR) sites — Select level (1–3)

How many disaster recovery (DR) locations and sites do you have?

h) Number and complexity of controls — Select level (1–3)

What are the number and complexity of the implemented controls?

ONLY ISO 27001
Other details useful for understanding the complexity of the IT system (please, describe)
If not already mentioned above, e.g. users, servers, workstations, mobile devices, operating systems, databases, DR sites, cloud, regulations (GDPR, NIS2, etc.)

Additional information

# Question / Requirement Yes / No Remarks
17 Confidentiality by your company for confidential or sensitive information?
18 Availability of access to organizational MS records for assessment / review?
19 Is all MS information / records can be made available for review to the Audit team? In case of confidential or sensitive information can’t be revealed to the Audit team, kindly specify:
type of information / records can’t be disclosed to Audit team,
reason for non disclosure
20 Language of Audit?
21 Have you specific programme / timescale for achieving registration?
22 Have you called on the services of a consultant?