Orion was incorporated in 2007 as a private company.
The two founding partners were involved in the auditing industry for over twenty years prior to starting Orion. Given poor service standards in the industry and numerous clients requesting an alternative, more customer friendly experience, the partners decided to form Orion as a private, client focused business
The majority of Orion’s clients are North American based; however, we do service and have auditors available globally. Depending on the standard, Orion can offer remote audits resulting with no travel related expenditures.
To maintain our impartiality in our audit activities, Orion Assessment Services does not provide consulting services.
There are some audit firms that offer consulting services but, in our opinion, you should avoid them because customers may question the creditability of your certification and whether or not your audit was conducted at “arms length”.
Orion Assessment Services is bound by our various corporate polices. These policies govern out commitment to ensuring your information is safe and secure.
The starting for determining fees is typically based on the number of staff under the scope of certification. Each standard has an audit time look up table based on the employee count. From here, various factors are reviewed to determine if the audit time can be justified down or up. The audit days are then multiplied by the day rate to give the audit fees.
When reviewing fees, you need to review the overall “all in cost”. Many of Orion competitors show a low day rate but add other items such as project management fees, certificate fees, administration fees, annual fees etc.
If travel expenses are applicable, unlike our competitors, we do not mark up travel related expenses.
If you have an issue, you may submit an Dispute Resolution Request.
Orion takes appeals, disputes and complaints very serious.
All issues must be submitted through Orion’s Dispute Resolution Request form. All issues will be reviewed by the President, or designee, and Management Team for processing and resolution. If the issue is time sensitive, Orion will make every effort to expedite the request.
If an Appeal related for an NCR, the President, or designee, and Certifier will review the evidence presented by the client. Additional input may requested from the Auditor, as needed.
Agree with Appeal?
If the Certifier, the President, or designee, and the client agree that the NCR is not correct, the appeal can be addressed by expediting the appeal process to withdraw the NCR and close the appeal. The client will be notified in writing of the decision.
Do not Agree with Appeal?
The client would be notified of the decision and reason for the decision. If the client does not agree with the decision, they may request that the issue be sent to an Appeals Committee for further review. The Appeals Committee will inform the client in writing of the decision. If the client still does not agree with the decision, they may take if to the appropriate accreditation body.
The President shall determine whether the complaint relates to certification activities for which ORION is responsible, and if so, if the complaint is valid. If the President determines that the complaint is not valid, the President will contact the party that identified the possible complaint and inform them the complaint has been rejected and the reason.
If the complaint is valid, Orion will investigate the complaint, determine the root cause and take the actions necessary to address the issue. Orion will make every effort to notify the person that filed the complaint of the outcome. In some cases, they may not be possible due to confidentiality requirements.
Full details for handling complaints are defined in Orion’s AP 01 Administrate Management procedure.
An overview of our process is posted at https://www.orioncan.com/en/orion-approach/
The best way to prepare for an audit is to ensure you have conducted your internal audit. Refer to Orion’s guidance on preparing for an audit.
Orion has provided guidance under “Promoting your Certification”.
The Orion team is committed to helping you with your certification needs. In some cases, Orion may be forced to suspend or withdrawal you certification status. This would typically be due to a failure to comply with the conditions specified in the Certification Application. Examples may include:
Your certification is typically defined by a legal entity, address, and scope statement. Should you wish to change your scope, you will need to contact the Orion team. The Orion team will review the request, determine whether the change can be achieved and, inform you of the process. Depending on the nature of the change, the Orion team may request additional information and possible need to conduct a special audit.
Typically the biggest factor in determining how long it takes to get certified is how well the client is prepared. If you have not done a thorough audit and have issues identified during your audit, it may slow down the process.
Orion recommends that you book your audit at least two months in advance. The gives you time to prepare.
After your audit, if you do not have any issues or once the issues are closed, Orion can issue a certificate typically within 5 days of receiving the final report from the auditor.
All certificates to ISO 27001:2013 must expire no later than October 31, 2025. After April 30, 2024, all audits must be done to the 2022 version of the standard.
The standard has not been fully revised. Key changes include:
For the purpose of upgrading, clients will need to remap their Statement of Applicability and demonstrate the new and changes control requirements have been identified and implemented.
Yes, provided you meet the eligibility criteria.
Eligibility typically begins when you have a head office plus by 3 or more sites. The eligibility criteria is defined in IAF MD 1. (refer to the mandatory documents)
Keys points to note are: