We audit & certify your organisation

solution-oriented, trustworthy and high in quality

Ansammlung von Zertifikats-Logos

Already 100+ successful audits completed

Benefits of certification by an accredited certification body

Recognised nationally and internationally

Risk minimisation

Competitive advantages

Conformity with international standards

Proof of trustworthiness and reliability

Compliance with legal and regulatory requirements

Continual improvement

Consumer confidence

Independence

Why should you have us certify or audit you?

Personal
With your organisation in mind

Every organisation has its own culture. In line with our credo "closer to you", we take this into account and communicate openly, directly and as equals – always with the focus on YOUR organisation.

Appropriate
Understanding your organisation

Appropriateness is a cornerstone of any audit. We engage individually with you and your specific requirements and factor this into each audit. Only in this way can sustainable results be achieved.

Quality
…is our aspiration at every step

Quality begins with the very first contact. That is why both the quality of the audit and the quality of the processes around it are of the utmost importance to us, for efficient and reliable collaboration.

Commitment
You can rely on us

We say what we do, and we do what we say.

It's that simple.

Sprechblasen mit Figuren
Get in touch

Submit an enquiry and complete the basic data sheet as the basis for preparing the quotation. Optionally, arrange a short introductory meeting via video call at short notice.

Klemmbrett mit ToDo Liste
Audit preparation

After the order is placed: coordination of the next steps including scheduling, optional introductory meeting with the auditor(s).

Lupe über Dokument
Conducting the audit

Remotely or on site, our auditors carry out the audit in accordance with the requirements and as equals with you.

Zertifikat
Handover of results

Handover of the audit documents, e.g. audit report, evidence documents for the BSI and, where applicable, the certificate / declaration of conformity.

What our clients say

RSM Certification GmbH are fair, competent and take a systematic and pragmatic approach. Despite the examination situation during certification, a cooperative spirit prevailed, so that we used our time together effectively, purposefully and therefore optimally. The auditors' comments are consistently appropriate and workable, making them a valuable aid to improvement. We therefore recommend working with and being certified to ISO 27001 by RSM Certification GmbH without reservation!

Mathias Beck, Information Security Officer, Aktion Mensch e.V.

I have found the collaboration with RSM Certification GmbH to date to be very positive. I was particularly impressed by their pragmatism, their professionalism and their ability to address our specific topics. For us it is important that projects are delivered efficiently, reliably and to a high standard. We also place great value on open communication and flexibility in problem-solving. These requirements were met by RSM Certification GmbH throughout. It was a highly appreciative collaboration that was praised by everyone involved.

Christian Klatt, Chief Information Officer, Krombacher Brauerei Bernhard Schadeberg GmbH & Co. KG

The collaboration with RSMCERT to achieve and maintain our ISO 27001 certification is a thoroughly positive experience. From the organisation to the conduct of the audits, everything ran smoothly and transparently. With their expertise, RSMCERT guided us through the requirements of the standard in a well-structured way. They were always open and honest in reviewing our processes and supported us in sustainably improving our information security. We can recommend them to anyone who needs a reliable and competent audit.

Thien Schlodinski, Chief Information Security Officer, novomind AG

The collaboration with RSM Certification GmbH is highly recommendable. It is smooth and straightforward throughout the entire audit process (planning, execution, audit report and follow-up of measures). The results are a reflection of the prior coordination and planning. All necessary topics are discussed as equals and very realistically throughout the audit process. For us it is important to have an experienced, competent partner in the field of information security who, with the relevant industry knowledge, can also address specific topics. Thanks to our consistently positive experiences, RSM Certification GmbH comes highly recommended without reservation. The auditors deployed stand out for their experience, knowledge of standards and methodological competence.

Daniel Spilker, Quality, Safety and Environmental Protection / Internal Audit, Stadtwerke Hamm GmbH

FAQ – Your key questions answered

Why do we distinguish between certification and auditing?

What certification and audit services have in common is that they are both examinations of management systems. For this reason, the terms "audit" and "certification" are often used synonymously. However, certifications and audits differ in fundamental respects that are not always easy to tell apart and that can also make a qualitative difference. To do justice to this, we have decided to distinguish between certification and auditing in our service portfolio.
Certification services may only be performed by a body accredited by an accreditation body such as the German Accreditation Body (Deutsche Akkreditierungsstelle GmbH, DAkkS). As a body accredited by DAkkS, we may only examine and certify in those areas for which we hold accreditation. These include, for example, ISO/IEC 27001, DIN EN ISO 9001 and the IT Security Catalogue pursuant to Section 11 (1a) EnWG. These restrictions ensure that certifications are carried out with the highest level of expertise and in accordance with a uniform, international procedure. With certifications you receive a certificate from us and, if desired, a seal confirming successful certification.
Audits are services that do not necessarily require DAkkS accreditation to perform and sign off. These include, for example, audits pursuant to Section 39 BSIG (new version), ISO 27001 based on IT-Grundschutz, or SMGWA to BSI TR-03109-6. Audits pursuant to Section 39 BSIG (new version) may only be carried out by selected parties, including auditors (Wirtschaftsprüfer) or bodies accredited by DAkkS, such as RSM Certification GmbH. Audits for ISO 27001 based on IT-Grundschutz and SMGWA audits to BSI TR-03109-6 require appropriately qualified auditors. RSM Certification GmbH employs auditors who have the suitable competencies and recognition by the BSI.
In addition, there are standards such as ISO/IEC 27017 or ISO/IEC 27018 against which certification is not possible, as they are only valid in conjunction with an existing certificate. We can therefore only carry out conformity assessments here.

Do we also operate internationally?

We operate internationally. As a conformity assessment body accredited by DAkkS, our certificates are recognised worldwide, since accreditation is also based on uniform international requirements.

Do we also provide consulting services?

As a body accredited by DAkkS, we are not permitted to act in an advisory capacity, as this would compromise our impartiality and independence.

Does RSM Certification GmbH also offer audits of multiple standards (so-called integrated management systems), e.g. ISO/IEC 27001 and ISO 9001, or ISO/IEC 27001 and BSI TR-03109-6?

Auditing integrated management systems is one of our core competencies. We are accredited by DAkkS for ISO/IEC 17021. The ISO/IEC 17021 family of standards includes a wide range of management standards for which a certification audit can be carried out. These include, among others: Information Security Management System (ISO/IEC 27001), Quality Management System (ISO 9001), Environmental Management System (ISO 14001) and Energy Management System (ISO 50001). The key feature and advantage of these standards is their uniform structure, which makes it easier to audit several standards at the same time. The document IAF MD 11 ("Mandatory Document for the Application of ISO/IEC 17021-1 for Audits of Integrated Management Systems") must be taken into account accordingly when calculating the audit scope and conducting the audit. Beyond this, audits of the IT Security Catalogue pursuant to Section 11 (1a) EnWG, ISO/IEC 27001 and BSI TR-03109-6 can also be combined.

What happens if problems arise during the certification process and certification cannot proceed as anticipated?

In exceptional cases, unforeseen events may make adjustments necessary. Our credo here is: if you bring the flexibility to counteract this, then we will do our part. In principle, no more than six months may elapse between a Stage 1 and Stage 2 audit in an initial certification. We therefore always try to discuss the optimal time interval between the Stage 1 and Stage 2 audit with our clients in advance. If material weaknesses are identified during a Stage 2 audit or a recertification, such that a certificate cannot be issued, the auditors involved will discuss this directly with you. This also includes a schedule setting out by when the weaknesses must be remedied in order to complete the audit. Here, too, a maximum period of six months applies in order to stay within the permissible timeframe of the procedure.

Do we carry out certificate transfers? If so, what needs to be considered?

We carry out certificate transfers. According to IAF MD 2:2023, a certificate transfer is: "[…] the recognition of an existing and valid management system certification, granted by one accredited certification body, by another accredited certification body for the purpose of issuing its own certification." IAF MD 2 sets out the minimum requirements to be met in the course of such a transfer. We adhere strictly to these requirements in order to ensure a seamless transfer of your certificate.

More on IAF MD 2 – Certificate Transfers

Can I carry out a conformity assessment without an ISO/IEC 27001 certification?

A conformity assessment without certification is possible, but whether such an approach makes sense can only be assessed on a case-by-case basis. Alternatively, a competently conducted internal audit of the conformity of your ISMS may be a more sensible route. We would be happy to help you find the right path – simply get in touch with us.

What is a matrix certification? Does RSM Certification GmbH also carry out matrix certifications?

A matrix certification is also referred to as a "multi-site certification" and can be applied to organisations that operate a central management system across several sites, controlled from their head office, and wish to have it certified. The requirements for such audits are explained in detail, in particular in the document IAF MD 1. This is the binding IAF document for the auditing and certification of management systems in organisations with multiple sites. See also our blog post on IAF MD 1. RSM Certification GmbH does carry out matrix certifications.