Certification body rebrands to Coalfire Certification

David Forman, VP, Privacy and International Assurance, Coalfire

A brief history of the certification body

Coalfire ISO was originally founded in 2013 after other parts of the business experienced success as both a CPA firm for SOC audits and a QSA firm supporting schemes under the PCI Council. Based on our experience as a leader in cybersecurity, we determined that accreditation for ISO 27001 — a management system standard for information security — would be the most complementary option to foray into conformity audits.

By the end of 2014, Coalfire ISO received initial accreditation issuance for the auditing of Information Security Management System (ISMS) scopes under ISO 27001 via the ANSI National Accreditation Board (ANAB). With this accreditation, our team immediately narrowed focus to the risks plaguing cloud service providers and public cloud clients while expanding framework competency to the newly released ISO 27018 standard in 2014 and ISO 27017 the following year.

Growth of accredited assurance offerings

Since initial accreditation with ANAB, we have expanded our scope of services to include conformity audit support for other management system standards, including ISO 9001, ISO 22301, ISO 20000-1, and ISO 27701. Coalfire ISO issued the world’s first ISO 27701 certification in August 2019 and, in March 2020, was part of the first group of certification bodies in the world to be accredited for the auditing of Privacy Information Management System (PIMS) scopes.

While the reputation and demand for certification body services grew stateside, we also pursued dual accreditation with the United Kingdom Accreditation Service (UKAS) in 2018 and successfully registered with the oversight body for both ISO 27001 and ISO 9001 in late 2019. In early 2021, this same accreditation was broadened to include ISO 27701, where Coalfire ISO was announced as the first management system certification body under the UKAS scheme to become accredited for the expanded ISMS scope against ISO 27701 controls and requirements.

The effects of the pandemic on certification bodies

Our team constantly learns from experiences gained through the deep relationships and feedback received from our clients and oversight bodies. At the start of the pandemic, we became increasingly aware of demand for alternative assessments supported by management system scopes. For example, the popular Security, Trust, Assurance and Risk (STAR) Certification and the associated Cloud Controls Matrix (CCM) scheme owned by the Cloud Security Alliance (CSA) are based on an ISMS implemented using the requirements within ISO 27001.

The pandemic has further flattened the global service provider landscape. Our clients with operations based in the US or UK were encountering unique security requirements from clients based in other regions of the world. It seems that we see new global security schemes on an almost daily basis. The irony of this development is that the majority of these sector-specific, region-specific, or country-specific schemes are based on historical conformity to an existing management system framework that often only comprises control additions or requirements built on an underlying scheme like ISO 27001.

From these insights, we are pivoting our certification body strategy to support the next generation of global assurance schemes making their way stateside. The “ISO” moniker embedded within our name seems self-limiting to only schemes maintained and owned by the International Organization for Standardization (ISO).

Coalfire ISO is now Coalfire Certification

To match these market realizations, Coalfire ISO is changing its name and mark to Coalfire Certification. As “trust” expands beyond a single framework for service provider organizations, this is a natural next step in our evolution. Everything from our assessment approach, assessor training, strategy, and industry thought leadership must also evolve into a conformity assessment body that inspects systems and governance programs for alignment to a range of technical frameworks beyond only schemes authored by ISO.

While our name is changing, all currently certified customers and applicants will experience zero impact aside from some refreshed branding, and all existing accredited certifications issued by Coalfire ISO, Inc., will remain valid and in force. Revisions to certificate documents and awards will be reissued per a defined transition plan or at the time of the next assessment.

We’re excited about our new name. It reflects what we do and where we are headed. We share this excitement with our clients and our teams and extend thanks to everyone that helped push the certification body to this level of framework coverage as Coalfire Certification enters this next period of global assurance. We look forward to working together to discover the many new, strategic opportunities that are ahead and sharing additional developments within our forecast as they are made available.

David Forman

Author

David Forman — VP, Privacy and International Assurance, Coalfire

Top