Scroll to top

Resources

Quality Policy Impartiality Policy Confidentiality Policy Certification Process Complaints & Appeals Handling Use Of Certification Mark Transfer Of Certification Certification Check
Resources

Quality Policy

Cyber AI Certification is committed to provide globally benchmarked management system certification services that meet or exceed customer expectations in a systematic and lawful manner, so as to achieve continual improvement.

This is achieved by,

  1. Complying with all applicable regulatory requirements and other requirements such as relevant industry standards and any customer requirements
  2. Identifying and evaluating continuous improvement opportunities for the services we provide
  3. Maintaining a documented management system which meets the requirements of ISO 17021:2015 standard
  4. Setting measurable objectives for continuous improvement, including the reporting and reviewing of the performance of these objectives
  5. Providing sufficient resources to address implementation needs and reviewing the effectiveness of the management system
  6. Ensuring that the quality policy is documented, effectively communicated, understood and applied within the organisation
  7. Top management taking accountability for the effectiveness of the management system
  8. Ensuring the integration of the management system requirements into the organization's business processes
  9. Promoting the use of the process approach and risk-based thinking
  10. Communicating the importance of effective management and the need for conforming to the management system requirements to all interested parties
  11. Ensuring that the management system achieves its intended results
  12. Engaging, directing and supporting persons to contribute to the effectiveness of the management system
  13. Assigning necessary roles, responsibilities and authorities and supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility

All persons doing work under Cyber AI Certification's control shall be aware of this quality policy and relevant quality objectives and shall contribute to the effectiveness of the management system.

The benefits of improved performance include but not limited to:

  • Better reporting and communications
  • Better quality service
  • Better internal management
  • Less wastage, defects and mistakes
  • Increase in efficiency, productivity and profit
  • Improved customer retention and acquisition
  • Global recognition
  • High employee morale and retention
  • Compliance to regulatory requirements

The implications of not conforming to the quality management system requirements include but not limited to:

  • Unsatisfactory services
  • Customer complaints, poor customer satisfaction and lost orders
  • Loss of business reputation
  • Wastage and non-value adding activities
Resources

Impartiality Policy

Cyber AI Certification understands the importance of impartiality in carrying out its management system certification activities, manages conflict of interest and ensures the objectivity of its management system certification activities.

Cyber AI Certification takes the conformity assessment activities impartially.

Cyber AI Certification takes responsibility for the impartiality of its conformity assessment activities and does not allow commercial, financial or other pressures to compromise impartiality.

Top management of Cyber AI Certification is committed to impartiality in management system certification activities.

The risks related to conflict of interests arising from provision of certification including any conflicts arising from Cyber AI Certification’s relationships are identified, analyzed, evaluated, treated, monitored, and documented on an ongoing basis. Where there are any threats to impartiality, Cyber AI Certification documents and demonstrates how it eliminates or minimizes such threats and documents any residual risk. When a relationship poses an unacceptable threat to impartiality, then certification is not provided.

Cyber AI Certification does not certify another certification body for its management system.

Cyber AI Certification and any part of the same legal entity and any entity under the organizational control of Cyber AI Certification does not offer or provide management system consultancy.

Cyber AI Certification and any part of the same legal entity and any entity under the organizational control of Cyber AI Certification does not offer or provide internal audits to its certified clients.

Cyber AI Certification does not outsource audits to a management system consultancy organization, as this poses an unacceptable threat to the impartiality of Cyber AI Certification. This does not apply to individuals contracted as auditors.

Cyber AI Certification’s activities are not marketed or offered as linked with the activities of an organization that provides management system consultancy.

Cyber AI Certification will take action to correct inappropriate links or statements by any consultancy organization stating or implying that certification would be simpler, easier, faster or less expensive if Cyber AI Certification were used.

Cyber AI Certification will not state or imply that certification would be simpler, easier, faster or less expensive if a specified consultancy organization were used.

In order to ensure that there is no conflict of interests, personnel who have provided management system consultancy, including those acting in a managerial capacity, will not be used by the certification body to take part in an audit or other certification activities if they have been involved in management system consultancy towards the applicant.

Cyber AI Certification will take action to respond to any threats to its impartiality arising from the actions of other persons, bodies or organizations.

All certification body personnel, either internal or external, or committees, who could influence the certification activities, shall act impartially and shall not allow commercial, financial or other pressures to compromise impartiality.

Personnel, internal and external to Cyber AI Certification shall reveal any situation known to them that can present them or Cyber AI Certification with a conflict of interests.

All certification activities shall be conducted by meeting relevant legal requirements.

All personnel associated with Cyber AI Certification shall treat everyone fairly, have mutual respect, promote a team environment and avoid the intent and appearance of unethical or compromising practices.

All personnel associated with Cyber AI Certification shall encourage open dialogue and provide honest feedback on certification activities.

Unauthorized use of laboratory trade secrets and marketing, operational, personnel, financial and technical information integral to the organization is not permitted.

No employee shall use corporate assets or business relationships for personal use or gain.

Cyber AI Certification will neither practice nor encourage the following, 

  • A scientifically unsound or technically unjustified omission, manipulation, or alteration of procedures or data that bypasses the required processes, making the assessment results appear acceptable.
  • Creating information that is not true or the deliberate falsification of data or information.
  • The intentional recording or reporting of incorrect information.
  • An intentional gross deviation from the established practices, combined with the intent to conceal the deviation.
  • Inappropriate data entry, falsifying existing data, data manipulation or fabrication.
  • Incomplete recordkeeping or intentionally altering records for personnel or business gain.
  • Certifying an organization’s management system without auditing it.
Resources

Confidentiality Policy

  • The confidentiality of information regarding services rendered to organizations by Cyber AI Certification is maintained at all times and is not disclosed to any unauthorized person.
  • Confidential information includes all records whether hard copy of electronic format (such as policies and/or procedures), customer records, audit reports, audit evidences, financial information or other customer related information available in any medium including written, oral and electronic format.
  • Cyber AI Certification takes responsibility for the management of all information obtained or created during the performance of certification activities. Except for information that the customer makes publicly available, or when agreed between Cyber AI Certification and the customer all other information is considered proprietary information and is regarded as confidential.
  • When Cyber AI Certification is required by law or authorized by contractual arrangements to release confidential information, the customer or individual concerned will, unless prohibited by law, be notified of the information provided.
  • Personnel associated with Cyber AI Certification shall not in any way divulge, copy, print, download, release, review, alter or destroy any confidential information except where as required by their job duties and properly authorized by Cyber AI Certification.
  • Personnel associated with Cyber AI Certification shall exercise reasonable caution to prevent any person who does not need access to the information from seeing or overhearing confidential information.
  • The extent of the confidentiality commitment by the personnel associated with Cyber AI Certification shall not only be effective during their active employment status at Cyber AI Certification, but also carry over indefinitely after their employment seizes, regardless of the reason including resignation.
  • Personnel, including any committee members, contractors, personnel of external bodies, or individuals acting on Cyber AI Certification’s behalf, should keep confidential all information obtained or created during the performance of certification activities.
Resources

Certification Process

1. Application for certification

Organization seeking for certification is required to apply in prescribed application form.

ISO certification is location specific and accordingly certification is granted to a specific location of the organization applying for certification.

The applicant organization shall implement, maintain and continually improve a management system in accordance with relevant standard. The application shall be complete in its contents.

The applicant organization shall read and understand the terms and conditions for obtaining and maintaining ISO certification and accept it.

The applicant organization shall ensure correctness of the information provided in the application with a special care in filling the scope of certification.

The applicant organization is also required to specifically mention about their site and/or mobile facilities, if any, coming under the scope of certification.

On receipt of completed application for certification, Cyber AI Certification will provide an acknowledgement to the applicant organization.

Cyber AI Certification reviews the information provided by the applicant organization to determine the suitability of the application for certification before acceptance and processing for certification. During and after scrutiny of application for its completeness in all respects, Cyber AI Certification may seek additional information/ clarification(s) at this stage, as deemed necessary and required for the purpose of certification.

Application may be rejected in case information provided in the application is not relevant to ISO certification.

The application can also be rejected if the applicant organization is found to have applied under 'First Certification' category but in actual it is a certified organization (validity mentioned in Certification Certificate not yet over) or a certified organization with its certification currently under adverse action (adverse action communicated and cooling-off period is not over/adverse action initiated but not yet completed or a new organization but its previous application is under inactive category/closed with cooling period not over).

The application shall be rejected or audit process terminated, if the applicant organization has provided false information or concealed any information or if there is evidence of fraudulent behavior will bring Cyber AI Certification to disrepute through its activities, forcing its interest on Cyber AI Certification to deviate from certification procedure.

In all the above-mentioned cases, the fee paid is non-refundable/non-transferable/non-adjustable.

Once Cyber AI Certification accepts the application, it will send a commercial proposal to the applicant organization. Upon confirmation of acceptance of proposal by the applicant organization and the receipt of the application fee, the process of certification commences with scheduling of audits on mutually agreeable dates.

2. Audits

Preferably an onsite review at the main site (unless otherwise limited by logistics) of the client's management systems documentation is conducted to verify that the requirements of the applicable management standard are satisfactory.

Audit team: For any type of audit, Cyber AI Certification appoints an audit team which can consist of lead auditor/technical auditor(s)/technical expert(s)/Cyber AI Certification officer(s)/ Observer(s) depending on the type of audit. The number of team members and role of the members depend upon the applied scope for certification.

Audit duration: Cyber AI Certification will inform the applicant organization about the audit duration. It may vary and depends on the applied scope of certification (Disciplines/ Groups/ Subgroups, Product matrix as applicable), consideration of resources and facilities available with the organization with respect to applied scope for certification.

In case of natural disaster, declared pandemic situation or any other emergency, the man days may vary.

2.1 Stage 1 audit

Once the document review process is completed, Cyber AI Certification will assign an audit team to conduct the stage 1 audit of the applicant organization.

The stage 1 audit is conducted to:

  • Review the applicant organization's management system documented information.
  • Evaluate the applicant organization's site-specific conditions and conduct discussions with personnel to determine preparedness for stage 2 audit.
  • Review the status and understanding regarding requirements of the standard, particularly with respect to the identification of key performance aspects, processes, objectives, and operation of the management system.
  • Obtain necessary information regarding the scope of the management system, including:
    • The sites
    • Processes and equipment used
    • Levels of controls established
    • Applicable statutory and regulatory requirements
  • Review the allocation of resources for stage 2 audit and agree the details of stage 2 audit with the organization.
  • Provide a focus for planning by gaining a sufficient understanding of the management system and site operations.
  • Evaluate whether internal audits and management reviews are being planned and performed, and verify readiness for stage 2 audit.

Cyber AI Certification will share the audit report with the applicant organization. If any concerns are identified, the organization shall address and communicate the status within 15 days of the stage 1 audit report.

2.2 Stage 2 audit

Stage 2 audit is conducted after completion of stage 1 audit.

Cyber AI Certification will appoint an audit team to conduct the stage 2 audit. Activities under the scope are audited, and audit duration is based on established criteria.

The audit team verifies compliance with the certification standard and related requirements. Documentation and technical competence are assessed for implementation and effectiveness. A summary report, including any non-conformities and recommended scope, is provided at the end of the audit.

On successful completion, Cyber AI Certification submits the audit report, including non-conformities if any, and provides a recommendation on certification.

The applicant must take actions to resolve any non-conformities within 30 days and submit evidence to Cyber AI Certification.

Once satisfactory, the documents are reviewed by a technical reviewer to make a final decision on certification.

The audit report will be submitted to the certification committee at the earliest in the following cases:

  • No non-conformity is observed.
  • Total system failure, fraudulent behavior, or any situation that may warrant denial of certification.

3. Surveillance audit

Each certified organization shall undergo annual surveillance audit which is aimed at evaluating continued compliance to the certification standard, specific criteria (wherever applicable) and Cyber AI Certification's policies. It is conducted before completing 12 months (preferably in the 10th month) from the date of certification.

4. Recertification audit

The certified organization shall apply for renewal of certification at least six (6) months before the expiry of certification to allow Cyber AI Certification to organize timely audit of the organization, so that the continuity of the certification status can be maintained. In case application is submitted late, there could be a break in certification cycle.

An application submitted after expiry of certification is not considered for renewal of certification. In such a case, the organization shall apply afresh. Organization also has to apply afresh if there is change in information related to the legal entity, name of the organization, ownership, address from the previously issued certificate. Under these situations, new certificate number will be allotted to the organization.

Cyber AI Certification will conduct the recertification audit within 36 months (preferably 34th to 36th month from the date of grant/renewal of certification). The certified organization is subjected to re-certification audit every 3 years before expiry of the validity of certification cycle.

5. Short notice and unannounced visits

If required Cyber AI Certification may conduct audits at Short Notice or unannounced to investigate complaints, or in response to changes, or as follow up to verify the status under Suspension of the certification or any other reasons to ensure the Objectivity of the Certification is maintained at certified organization’s end

For a certified organization, the body providing accreditation to the certificate may decide to arrange unannounced visits at certified organization’s facility.

If the accreditation body’s assessors/auditors arrive to certified organization’s site unannounced, then the certified organization must permit unrestricted access to the facility, management system documentation, and all associated records to them. The certified organization needs to show a readily available copy of the latest audit report issued by Cyber AI Certification and must demonstrate the evidence of the certification process (e.g., Management Review, closure of findings, corrective action). If the certified organization refuses to participate in the unannounced audit, the certificate shall be suspended within 3 working days of the date of refusal. Cyber AI Certification shall withdraw the certificate if the unannounced audit is not conducted within a six-month timeframe from the date of suspension.

6. Transfer of certification

Cyber AI Certification allows an organization which got its management system certified by another certification body to transfer their valid management system certification to Cyber AI Certification

In order to transfer the certificate:

  • The issuing certification body and Cyber AI Certification must be accredited by an accreditation body that is part of the IAF.
  • The subject certificate must be valid and active for the transfer to be completed.

Cyber AI Certification will conduct a transfer audit to ensure the management system is operational since the last audit. If the transfer is within 12 months of the certificate expiration date, Cyber AI Certification will also conduct a Stage 1 and Stage 2 audit

7. Dealing with a change in the name/legal entity

For making change in name of a certified organization under the same ownership, certified organization shall inform Cyber AI Certification within 15 days and shall apply afresh about the name change and submit the relevant documents and applicable fee for name change. The existing certification will no longer be valid. New certificate will be issued with the same certificate number. The effective date of issue of certificate will be the date of approval from the competent authority and the validity of certification shall remain the same as that of the previous certificate. Certified organization shall not claim certification status till the new name is approved by Cyber AI Certification.

In case of any change in the information contained in the certificate, certified organization shall apply to make the change and Cyber AI Certification will issue a fresh certificate with or without audit depending on the nature of the change, except in case of change in location, on-site audit at the new location will be conducted.

7.1. Dealing with Acquisition/ Take over/ Purchase/ Selling, Merger/ De-Merger of certified organization

For any change in ownership of the existing certified organization due to Acquisition/ Takeover/ Purchase/ Selling, Merger/ De-merger, certified organization shall inform Cyber AI Certification in advance. On completion of Acquisition/ Takeover/ Purchase/ Selling, Merger/ De-merger, the certified organization shall inform Cyber AI Certification within 15 days and shall apply afresh. The existing certification will no longer be valid. New certificate with the same certificate number will be issued. If the new firm/company/entity/organization acquiring the certified organization or merging with the certified organization/ de-merging of certified organization, desires to continue certification then, the new top management shall submit the declaration/documents to Cyber AI Certification. The effective date of issue of certificate shall be the date of approval from the competent authority and the validity of certification shall remain the same as that of the previous certificate. Certified organization shall neither claim to be Cyber AI Certification certified nor use Cyber AI Certification symbol till the further approval from Cyber AI Certification.

If the new firm/ company / entity fails to submit the declarations / documents the certification status of the certified organization will be withdrawn by Cyber AI Certification.

In case of any change in the information contained in the certificate, certified organization shall apply and Cyber AI Certification will issue a fresh certificate with or without audit depending on the nature of the change, except in case of change in location, on-site audit at the new location shall be conducted

7.2. Dealing with change in certified organization’s premises

For any change in premises (within the same building/ campus) of a certified organization, the certified organization shall apply afresh after moving to the new facility. Certified organization shall submit necessary the documents to Cyber AI Certification. The existing certification will no longer be valid. New certificate with same certification number will be allotted. Cyber AI Certification shall inform certified organization about the decision. The effective date of issue of certificate shall be the date of approval from the competent authority and the validity of certification shall remain the same as that of the previous certificate. certified organization shall neither claim to be Cyber AI Certification certified nor use Cyber AI Certification symbol at the new premises till decision on grant is communicated by Cyber AI Certification to the certified organization. In case certified organization shifts to premises in another location, it has to surrender the certification to Cyber AI Certification by clearing the outstanding amount, if any.

In case of any change in the information contained in the certificate, certified organization shall apply and Cyber AI Certification will issue a fresh certificate with or without audit depending on the nature of the change. In case of change in location, on-site audit at the new location shall be conducted.

7.3 Change in scope of certification of certified organization

7.3.1. Extension in scope of certification

In order to extend the certification scope, certified organization shall submit application for extension in scope of certification. Audit shall be conducted and decision shall be communicated following the audit process.

On grant of certification for the applied additional scope, Cyber AI Certification will issue revised certificate, to include the additional scope. The effective date of scope extension will be from the date of approval by Cyber AI Certification and the same will be mentioned as amendment date in the certificate/scope of certification. The date of expiry of the extended scope shall be the same as that of the existing certificate.

Application for extension in scope of certification will not be accepted at the time of scheduled audit (Surveillance audit and Re-audit).

7.3.2. Scope reduction

The certified organization shall inform Cyber AI Certification if the certified organization wishes to voluntarily withdraw a part of the certified scope at any stage during the valid certification period. Cyber AI Certification will accept the request and inform the certified organization. Amended certificate will be issued to the certified organization. No audit is required for voluntary reduction of scope.

Cyber AI Certification shall also reduce scope of certification if certified organization failed to demonstrate compliance to the certifocation standard for any activity related to any particular product/service mentioned in the scope. This will be communicated during the audit and further in the audit report

8. Certification decision-making

Cyber AI Certification has a system of independent review for certification decisions by a technical reviewer. Certification decisions are taken by authorized personnel, based on the recommendations from technical review, made by personn the audit team which carried out the audit. Cyber AI Certification always ensures that the decisions on certification are made by competent persons.

Cyber AI Certification issues certificate to the certified organization which has a unique number, date of validity along with the scope of certification. The ISO certification is valid for a period of 3 years as Cyber AI Certification follows a 3-year certification cycle for all schemes.

The certified organization shall clear all due payments to Cyber AI Certification. Certificate will be issued/ visible to the certified organization on website of Cyber AI Certification only after clearance of all the due payments to Cyber AI Certification.

9. Definition of certificate

A certificate is a document issued by Cyber AI Certification to the certified organization. If the certified organization holds a valid certificate that covers one site, this has to be counted as one certificate (single-site certificate).

If the certified organization holds one certificate which covers more than one auditable site, it is still counted as one certificate in as much as only one certificate was issued (multiple-site Certificate). If, however, the multiple auditable sites are certified individually, then each granted certificate has to be counted (single-site certificate).

Maintaining certification

9.1. Conformance to requirements

The certified organization, at all times shall conform to the requirements of relevant management system standard for it received certification, specific criteria (wherever applicable) and Cyber AI Certification’s policies.

9.2. Terms and Conditions

The certified organization is required to comply at all times with all requirements given in this document. The acceptance is to be submitted through certification agreement.

9.3. Use of certification mark

Certified organization shall not make or permit any misleading statement regarding its certification issued by Cyber AI Certification.

Upon withdrawal of its certification by Cyber AI Certification, certified organisation shall discontinue its use of all advertising matter that contains a reference to certification, as directed by Cyber AI Certification. Cyber AI Certification shall amend all advertising matter when the scope of certification has been reduced.

Certified organisation shall not allow reference to its management system certification to be used in such a way as to imply that Cyber AI Certification certifies a product (including services) or processes.

Certified organisation shall not imply that the certification applies to activities that are outside the scope of certification.

Certified organisation shall not use its certification in such a manner that would bring Cyber AI Certification and/or certification system into disrespect and lose public trust.

If certified organisation uses accreditation/certification logo, certified organisation shall stop using it as soon Cyber AI Certification informs the same to certified organisation.

The certified organisation shall not apply marks to laboratory test, calibration or inspection reports such reports are deemed to be products in this context.

Cyber AI Certification shall exercise proper control of ownership and shall take action to deal with incorrect references to certification status or misleading use of certification document marks and audit reports. Cyber AI Certification actions include request for correction and corrective action, suspension, withdrawal of certification, publication of the transgression and it necessary, legal action.

Cyber AI Certification shall exercise proper control of ownership and shall take action to deal with incorrect references to certification status or misleading use of certification document marks and audit reports. Cyber AI Certification actions include request for correction and corrective action, suspension, withdrawal of certification, publication of the transgression and it necessary, legal action.

9.4. Modifications to the certification criteria

If the relevant international standard, IAF requirements and Cyber AI Certification documents, are modified/amended, the certified organization is informed. In case, the transition period is defined by IAF then it is to be followed by the certified organization. In cases there is change in the Cyber AI Certification’s documents, the transition period of at least 6 months will be given to align its operations. However, the transition period may be reduced depending upon the nature of the changes.

9.5. Adverse decision against organization

If the applicant organization fails to submit corrective action within stipulated time frame, then Cyber AI Certification shall initiate action and subsequently certification shall be denied and application shall be closed. Once application is closed by Cyber AI Certification, then the certified organization shall apply afresh with applicable fee.

If the certified organization at any point of time does not conform to the applicable standards and Cyber AI Certification’s criteria; or does not maintain the Cyber AI Certification’s terms and conditions; or is not able to comply with the modified criteria, Cyber AI Certification may take adverse decision against the certified organization like denial of certification, reduction in scope of certification, suspension of certification, withdrawal of certification (and/or leading to debar from re-applying) as appropriate.

10. Confidentiality

The information given by the applicant organisation in application form as well as obtained during the processing of application, audit visit and grant of certification will be kept confidential by Cyber AI Certification (unless required by law). However, if any information of the organisation is shared in public domain like certification status, scope of certification, adverse decisions, and other common information then confidentiality will not be maintained. When Cyber AI Certification is required by law or authorized by contractual arrangements to release confidential information, the certified organisation will, unless prohibited by law, be notified of the information provided.

11. Complaints and appeals

Applicant have the right to complain against decisions taken by the auditor assigned by Cyber AI Certification. The complaint shall be in writing and an independent investigation shall be carried out by Cyber AI Certification and the findings of the investigation will be communicated to the applicant organization. Applicant organization will also have the right to appeal against any decision taken by Cyber AI Certification.

The complaints-handling process is managed to ensure objectivity, confidentiality, and timely resolution. Key aspects of our process include:

  • Acknowledgment of complaints upon receipt to confirm that the matter is being addressed.
  • Objective evaluation and investigation conducted by personnel not previously involved in the matter.
  • Confidentiality maintained throughout the process, protecting both the complainant and the subject of the complaint.
  • Collaborative decision-making with the complainant and the certified organization regarding whether, and to what extent, the nature and resolution of the complaint should be made public.
  • Implementation of appropriate corrections and corrective actions to address root causes and prevent recurrence.
  • Tracking and documentation of the complaint and all actions taken, as part of our continual improvement framework.

Any complaints against the applicant from a third party will be communicated to the applicant by Cyber AI Certification. The actions taken by the applicant on such complaints shall be notified and communicated to Cyber AI Certification.

Certified/applicant organization has the right to appeal any certification decision, including decisions to refuse, suspend, or withdraw certification. The appeals process is governed by principles of fairness, independence, and impartiality. The process includes:

  • Acknowledgment of appeals and confirmation of receipt to the appellant.
  • Impartial review by individuals not previously involved in the certification decision under appeal.
  • Protection from discrimination, ensuring that appellants are not subjected to any adverse consequences as a result of lodging an appeal.
  • Written communication of the decision, including justification, once the appeal has been reviewed and resolved.

12. Obligations of the certified organization

Certified organization shall comply with all the requirements of relevant certification standard at all times.

Certified organization shall provide accurate, current/updated, and complete information as required by Cyber AI Certification at the time of initial application for certification and during subsequent stages of certification.

The certified organization is obliged to disclose name of the consultant/ advisor at the time of applying for certification, wherever engaged.

The applicant organization must have conducted at least one internal audit (including all activities) and a management review (covering all agenda points as per the relevant standard) before the submission of application.

The applicant organization is expected to provide access to all facilities/ area of the applicant organization where its activities are carried out and other relevant management system documents/ records to establish and evaluate the competency, continuing compliance related with relevant certification standard, Cyber AI Certification’s criteria (wherever applicable) and Cyber AI Certification’s policies. The applicant organization is expected to facilitate the audit team for carrying out audit activities and provide necessary information.

The certified organization is required to notify Cyber AI Certification of any change that may affect the ability of the certified organization to fulfill requirements of certification, within 15 days. Notifiable changes include (but are not limited to): change in legal status, change in ownership, changes in organization, change in top management, change in scope, change in personnel, major change in policies, change in location, address etc.

The certified organization is required to pay necessary fees as decided by Cyber AI Certification from time to time.

The certified organization shall offer co-operation to Cyber AI Certification in investigating complaint issues.

The certified organization shall not indulge in fraudulent activities nor provide false information to Cyber AI Certification or conceal information. Such acts may result in withdrawal of certification.

The certified organization must also ensure that the procedures described in the Management system document and other documents are being implemented. Certified/applicant organization shall not, for the purpose of seeking any undue favour from the audit team offer any gift, whether in cash or in kind including reimbursement of any expenses incurred by audit team members during the course of audit.

Resources

Complaints & Appeals Handling

Applicant have the right to complain against decisions taken by the auditor assigned by Cyber AI Certification. The complaint shall be in writing and an independent investigation shall be carried out by Cyber AI Certification and the findings of the investigation will be communicated to the applicant organization. Applicant organization will also have the right to appeal against any decision taken by Cyber AI Certification

The complaints-handling process is managed to ensure objectivity, confidentiality, and timely resolution. Key aspects of our process include:

  • Acknowledgment of complaints upon receipt to confirm that the matter is being addressed.
  • Objective evaluation and investigation conducted by personnel not previously involved in the matter.
  • Confidentiality maintained throughout the process, protecting both the complainant and the subject of the complaint.
  • Collaborative decision-making with the complainant and the certified organization regarding whether, and to what extent, the nature and resolution of the complaint should be made public.
  • Implementation of appropriate corrections and corrective actions to address root causes and prevent recurrence.
  • Tracking and documentation of the complaint and all actions taken, as part of our continual improvement framework.

Any complaints against the applicant from a third party will be communicated to the applicant by Cyber AI Certification. The actions taken by the applicant on such complaints shall be notified and communicated to Cyber AI Certification.

Certified/applicant organization has the right to appeal any certification decision, including decisions to refuse, suspend, or withdraw certification. The appeals process is governed by principles of fairness, independence, and impartiality. The process includes:

  • Acknowledgment of appeals and confirmation of receipt to the appellant.
  • Impartial review by individuals not previously involved in the certification decision under appeal.
  • Protection from discrimination, ensuring that appellants are not subjected to any adverse consequences as a result of lodging an appeal.
  • Written communication of the decision, including justification, once the appeal has been reviewed and resolved.
Please agree to our Terms & Conditions, Disclaimer and Privacy Policy.
Resources

Use of Certification Mark

  • Certified organization shall not make or permit any misleading statement regarding its certification issued by Cyber AI Certification.
  • Upon withdrawal of its certification by Cyber AI Certification, certified organisation shall discontinue its use of all advertising matter that contains a reference to certification, as directed by Cyber AI Certification. Cyber AI Certification shall amend all advertising matter when the scope of certification has been reduced.
  • Certified organisation shall not allow reference to its management system certification to be used in such a way as to imply that Cyber AI Certification certifies a product (including services) or processes.
  • Certified organisation shall not imply that the certification applies to activities that are outside the scope of certification.
  • Certified organisation shall not use its certification in such a manner that would bring Cyber AI Certification and/or certification system into disrespect and lose public trust.
  • If certified organisation uses accreditation/certification logo, certified organisation shall stop using it as soon Cyber AI Certification informs the same to certified organisation.
  • The certified organisation shall not apply marks to laboratory test, calibration or inspection reports such reports are deemed to be products in this context.
  • Cyber AI Certification shall exercise proper control of ownership and shall take action to deal with incorrect references to certification status or misleading use of certification document marks and audit reports. Cyber AI Certification actions include request for correction and corrective action, suspension, withdrawal of certification, publication of the transgression and it necessary, legal action.
  • Cyber AI Certification shall exercise proper control of ownership and shall take action to deal with incorrect references to certification status or misleading use of certification document marks and audit reports. Cyber AI Certification actions include request for correction and corrective action, suspension, withdrawal of certification, publication of the transgression and it necessary, legal action.
Resources

Certificate Transfer

Cyber AI Certification allows an organization which got its management system certified by another certification body to transfer their valid management system certification to Cyber AI Certification.

In order to transfer the certificate:

  • The issuing certification body and Cyber AI Certification must be accredited by an accreditation body that is part of the IAF.
  • The subject certificate must be valid and active for the transfer to be completed.

Cyber AI Certification will conduct a transfer audit to ensure the management system is operational since the last audit. If the transfer is within 12 months of the certificate expiration date, Cyber AI Certification will also conduct a Stage 1 and Stage 2 audit.

Resources

Search to Identify Certified Clients

Search to identify clients where CAC have certified the name, related normative document, scope and geographical location (city and country) for a specific certified client.

  • Certification status search
  • List of withdrawn companies
  • List of suspended companies
1
👋

Chat with us

Typically replies instantly

Hi there! 👋
How can we help you today?

Just now