WHAT IS THE DIFFERENCE BETWEEN SOC 2 AND ISO 27001?
There are a number of noteworthy differences between SOC 2 and ISO 27001, the main one being their respective scopes. In order to comply with ISO 27001, businesses must show that they have implemented a fully functional Information Security Management System (ISMS). The goal of ISO 27001 is to create a complete framework that guides organizations in managing their data. On the other hand, SOC 2’s goal is narrower and focuses on verifying that an organization has implemented the necessary data security procedures.
To clarify, SOC 2 focuses on assessing the security measures currently in place, whereas ISO 27001 stresses the creation and ongoing maintenance of an ISMS. For this reason, ISO 27001 imposes more stringent requirements before certification is granted.
While SOC 2 consists of a set of audit reports produced by an independent Certified Public Accountant (CPA) or accounting organization, ISO 27001 functions as an official international security certification standard. Unlike SOC 2, which can be tailored and adjusted to meet specific industry norms and requirements, ISO 27001 is a prescriptive certification that uses industry-wide standards that can be applied to any industry, regardless of location.
1. Requirements for compliance: The security measures outlined in ISO 27001 and SOC 2 overlap, although the two standards differ in how much integration of these controls they require. Both SOC 2 and ISO 27001 expect organizations to implement only the controls that are relevant to their unique business context. To comply with ISO 27001, however, a more comprehensive set of security measures must be implemented because the standard’s range of requirements is broader. SOC 2 divides its security controls into five categories known as the Trust Services Criteria. Notably, every SOC 2 report must include only one of these categories, Security; the remaining four are included in the report only if they apply to your products and services.
2. Distinguishing between Attestation and Certification: When a SOC 2 audit is completed successfully, an independent certified public accountant attests to the strength of the company’s data and cloud security and presents the results in the form of a thorough SOC 2 report. On the other hand, after a successful ISO 27001 audit an ISO Certification Body issues a concise certificate, which serves as the benchmark that the organization has established an Information Security Management System (ISMS).
3. Relevance of location: SOC 2 and ISO 27001 are both widely recognized in the security and technology sectors, but some regions prefer one standard over the other. Since SOC 2 is the most widely used compliance standard in North America, doing business with North American firms is likely to require a SOC 2 report. ISO 27001, on the other hand, is more widely recognized worldwide, so it is likely to be required for any dealings with enterprises outside of North America.
4. Timelines: Preparing for SOC 2 compliance takes about six to twelve months, while the path to ISO 27001 compliance takes six to twenty-four months. These schedules show how committed companies must be to creating and upholding strong security policies tailored to the specific requirements of each framework.
5. Duration of Renewal: SOC 2 compliance must be renewed annually, which requires an annual audit. ISO 27001 certification, on the other hand, is valid for three years and is accompanied by annual surveillance audits to confirm that the security criteria are still being met.
6. Scope, Standards, and Controls: SOC 2 goes into detailed controls, with roughly 61 standards across five Trust Service Criteria (TSCs). Security is mandatory in every audit; beyond that, the audit is conducted against the TSCs that each organization has chosen. ISO 27001, on the other hand, comprises 14 sections with seven mandatory requirements that house 114 security controls (Annex A). Its audit evaluates the Information Security Management System (ISMS), or any of its constituent parts, to confirm that the requirements of the standard are being followed. Unlike SOC 2, ISO 27001 requires surveillance audits in the second and third years to guarantee continued compliance. Furthermore, a SOC 2 assessment is retrospective: it concentrates on evidence of past operation and does not guarantee how the organization will operate in the future, whereas ISO 27001 certification is followed up by partial reviews through those surveillance audits in subsequent years.
7. Presentation: ISO 27001 and SOC 2 employ distinct presentation strategies, offering varying levels of information about your compliance status. ISO 27001 certifies the audit’s success, but it doesn’t provide detailed information on the parts of the system that pass or fail. SOC 2, on the other hand, provides a thorough report outlining the elements that comply with standards and those that don’t. Customers can gain further insight into the operational nuances of your systems with this comprehensive SOC 2 report.
8. Audit Scope: SOC 2 compliance evaluates the design (SOC 2 Type 1) and operating effectiveness (SOC 2 Type 2) of internal controls across particular Trust Service Criteria (TSCs), covering data, personnel, software, infrastructure, and procedures. ISO 27001, on the other hand, evaluates in its stage 1 and stage 2 audits the design and operating effectiveness of an information security management system (ISMS) in maintaining confidentiality, integrity, and availability.
9. Report Scope: The SOC 2 report offers a comprehensive overview of the audit, including the independent auditor’s opinion, the management assertion, a description of the system, a list of controls, and the specifics of the tests that were carried out. The ISO 27001 report, on the other hand, functions as an audit results document: it emphasizes observations, nonconformities, remarks, and favorable findings, and it concludes with the issuance of the certificate.