Certification

The AUDEG Certification Body is currently in the accreditation procedure according to DIN EN ISO/IEC 17021:2015 by the German Accreditation Body (DAkkS). The AUDEG certification body is part of the registered cooperative, but acts independently within AUDEG with regard to activities and decisions on certifications.

The scope of accreditation covers the following standards:

  • Information security management in accordance with ISO/IEC 27001:2013

As a cooperative, AUDEG is not itself geared towards making a profit, but serves its members as a platform with professional organisation and value creation. This makes AUDEG the optimal partner in the certification process - for companies and auditors.

Certification procedure

Application:

In order to have a certification carried out, the institution to be certified (client) must submit a formal application. The application to the AUDEG Certification Body can be submitted by e-mail or by post to the AUDEG Head Office (Friedrich-Ebert-Anlage 36, 60325 Frankfurt am Main). If necessary, the applicant can arrange an information meeting with the office when completing the application. The AUDEG Certification Body will confirm receipt of the application in writing.

On the basis of the framework parameters determined, the AUDEG Certification Body determines whether it is in a position to carry out the procedure. For this purpose, the first step is to check whether all the required information is available; if necessary, it will be requested subsequently.

Initial certification:

Audit stage 1
In stage 1 of the audit, the readiness of the company to be certified is determined. The aim is to determine whether a stage 2 audit can be carried out at all. Following the content-related checks, the auditor assesses whether the efforts, resources and competences defined in the planning of the procedure are sufficient for stage 2 or whether adjustments need to be made. The result is recorded in the report on stage 1 and, if necessary, coordinated with the certification body.

Audit stage 2
This audit stage serves to verify the effectiveness of the procedures provided for in the management system. The audit checks whether the process descriptions and procedures conform to the requirements of ISO/IEC 27001. It also covers implementation and lived practice with regard to both the audited organisation's own requirements and ISO/IEC 27001.

Certification decision
The AUDEG certification body decides on the basis of the audit documentation and the recommendation of the audit team whether to grant, refuse, maintain, extend or restrict, withdraw or reinstate the certificate. For this purpose, the AUDEG certification body may, if necessary, request further evidence from the client. A prerequisite for the granting of the certificate is the timely rectification of any deviations found and proof that all requirements of the certification basis are fulfilled.

A successful initial certification is concluded with the issuance of a certificate for 3 years.

Surveillance audit:
Surveillance audits ensure that the effectiveness of the ISMS continues and is maintained. After the 2 surveillance audits, a re-certification audit must be conducted. The following deadlines apply:

  • the 1st surveillance audit must be carried out within 12 months;
  • for all further surveillance audits a period of 12 months +/- 3 months applies, whereby a postponement to another calendar year is not permitted.


Re-certification:
Within the scope of a re-certification, basic procedures are re-examined in addition to the effectiveness of the ISMS. The purpose of the re-certification audit is to confirm the continued conformity and effectiveness of the ISMS as a whole, as well as its continued relevance and applicability to the scope of the certification. The contents are usually based on those of a stage 2 audit.

The following deadline applies: The re-certification audit must be fully completed before the certificate expires. This includes all steps within the audit until the certificate is issued.

You can send us enquiries about the status of a certification via our contact form.

