Our accreditation process

These are the steps required to achieve an accredited certification.

  • Initial Stage

    When you are thinking to get accreditation, you need to contact us at
    After getting your expression of interest, one of our team members will ask you to provide the necessary information regarding your company or organization. In this phase, you will also be asked to do the necessary payment to get started with the accreditation process.

  • Phase 1 Assessment

    In this stage 1 assessment, the internal audit will be done with one of our certified assessors. Since this is the first visit, you will be required to complete the self-assessment guide to complying with the necessary guidelines of the auditing body. After the first visit, you will be able to assess the current conditions of the organization according to the maturity level. If you have any concern regarding any of the component of inspection, please contact us immediately at Finally, a report will be generated which will be issued to highlight the preparation of the final stage of the accreditation process.

  • Phase 2 Assessment

    This is the final stage of the accreditation process. In this stage 2 assessment, one of our certified assessors will get in touch with the quality manager to set the inspection date and deliverables. This visit may be online/offline based on the service level agreement and situation.
    This time it will consider whether your process and management system meet our standard requirements. On the visit day, we will let you know about the Auditor's recommendations addressed by our Compliance department. After all these steps, an outcome will be sent to you with our secured messaging services and you will be notified within 5 working days. Once you receive a successful assessment report, your certification will be confirmed to be issued within 10 working days.
    This certificate can be validated at any time online via our certification verification services.

To obtain the phase 1 report: stage 1 audit

When you are trying to be accredited with us, the first significant milestone is the initial review and the stage one audit. Your auditor investigates whether you have successfully managed to comply with the proposed scope and the targets you have set for your company. While this may show up some weaknesses and areas for improvement, the constructively designed process will be preparing you for the stage two audit.

In this internal audit period, you will be asked to provide necessary documents to identify the current level of your organization. All of the audit findings are presented in a summarised report that allows you to focus on the important areas and processes that need strengthening to achieve accreditation. These are usually classed as nonconformities and are an expected part of the overall procedure for certification.

There are two classes of nonconformities. Minor nonconformities can be resolved with internal action plans whilst more serious major nonconformities need to be resolved with an agreed plan with one of our auditors.

To obtain the phase 2 report: stage 2 audit

The stage 2 audit is operated approximately 21 days after the initial audit to confirm your processes and systems are free from nonconformities (major/minor). Again, the assigned auditor will evaluate your performance and efficiency to make the recommendations for certification. There may still be a need to address nonconformities following this audit.

However, if you only have minor nonconformities these will not hold up your certification, while major nonconformities will require another check of 30 days after the stage two audit.

Continuous Checking

One of the central pillars of our methodology is a deliberate focus on continual improvement. One way of verifying the companies are adhering to the standards set out by certification is through annual surveillance audits. With larger organisations, the audit may need to be completed through a multi-stage approach to ensure that all the individual units meet the required standards.

During the surveillance audit, all the elements covered in the stage two audit are re-assessed to ensure that all the original systems and processes are operating as specified and producing the correct outcomes.

The surveillance audit will always review these areas:

  • The efficiency of your internal auditing process
  • The accomplishment of recommendations following your internal audits
  • Regular management implemented frameworks (e.g., ISO, COBIT, ITIL or TOGAF)
  • Customer and staff satisfaction
  • Updates to the documentation systems

The surveillance audit will be conducted by the auditor who will check any previous nonconformities from previous inspections. Surveillance audits are an essential step in preparing your company for recertification which is planned at the end of each three-year cycle as an important step in the overall certification process.

Your certificate is valid for two years after your initial issue. Recertification requires you to undergo an audit similar to the initial auditing process without the need for a stage one audit.

In summary, the auditor will perform a thorough examination of every aspect of implementation before issuing certification with a strategic assessment plan that underlines the next certification cycle. To get more information regarding the auditing process, please contact us at

To check the validity of a certificate, please follow the instructions below:

Step #1
Type the Certificate Number as it appears on the certificate, e.g. GL100000000XX
Step #2
Prove that you are not a robot
Step #3
Click 'Submit'

Certificate Verification Form

Please enter a valid certificate number.
reCAPTCHA is not valid.

Guideline for the application

This accreditation process is designed to work in partnership with different auditing and certification bodies such as ISACA, ISO, ITIL, COBIT and TOGAF. 

Before you apply:

There are some simple steps for your accreditation-  

  • The initial review: 

At first, the initial review will be done, where you’ll be asked to provide the regular policies and any existing best-practices that you follow for your organisation. This is to be done to determine whether your organization falls within the IMC scope or is more suited to another professional body. 

  • The accreditation visit: 

After the initial review, one of our certified assessors will go through your submission to visit your organisation (online/offline) and prepare a report. In this report, you will be asked to define an action plan, which will be reviewed before submission to the Committee.

The accreditation visit outcomes:

The IMC provides accreditation for up to two years. After getting your first accreditation, you can go for re-accreditation by scheduling your next visit. Here, you need to follow one of the provided steps if you receive accreditation between one and three years:  

  • Monitoring visit or review: If your organization was not awarded full two-year accreditation, the accreditors will either visit or conduct a paper-based review at the end of a limited period (usually two or three years). Here, you will be asked for an updated action plan with appropriate visit and materials review. All these will be conducted by the Visit Panel consisting of the previous Visit Panel Chair and one other panel member. The Visit Panel will submit a report with recommendations on whether to extend your accreditation period. The Committee Chair will then approve the recommendations. 


  • A first output review: Once the stage 1 assessment is done, the outcome will be reviewed according to the corresponding frameworks. These will be reviewed by two accreditors who will decide whether to extend your accreditation or arrange a monitoring visit.

Alteration in accredited programmes

  • An extension request review:  In this category, we allow an accredited organisation to extend its accreditation beyond two years. We started this alternation to provide you with better user experience, because sometimes it may happen that your organisation structure changes significantly and you may want to extend your accreditation beyond two years. So here, you are allowed to request an extension review by sending us evidence of the changes and your action plan. After this, a monitoring visit may take place and along with other panel members, the visit panel Chair will review your report to decide whether to extend the accreditation by up to a further two years.

The visits involve: 

The visiting panel explores different aspects of an organisation. Along with the IMC staff member and industry experts, the accreditors will form the visiting panel. During the visit they explore:   

  • The followed IT Governance Principles
  • Different resources, facilities, and staff resources for IT governance
  • Any existing toolkit/framework that has been practised in your organization
  • The quality assurance procedures, and
  • Any previous auditing reports

The visiting panel makes recommendations to the IMC Accreditation Committee (AC) for any kind of decisions. After accreditation, your organization will be added to the IMC database for the verification purpose.

How to apply:

If you are interested to be accredited with one of our qualifications/certifications, please drop us an email at

Get involved:

Interested in becoming an Accreditor? Please drop us an email at

Our designated team member will contact you within 3 business days.

Frequently Asked Questions

What does each of the standards mean?


Information Technology Infrastructure Library

COBIT: 5, 2019

Control Objectives of Information and Related Technologies (version 5 and 2019)

TOGAF: 9.2

The Open Group Architecture Framework

ISO: 15004

Quality Management Framework, ophthalmic instruments

What else can you help us with?

We can provide you with:

  • templates from our extensive toolkit. 
  • in-house training as well as online training across the world.
  • effective advice and guidance from our Auditors during the entire process.
  • a Gap Analysis service which is designed to let you become an ISO, COBIT, ITIL or TOGAF certified company.

Will I need to make lots of changes to get COBIT certified?

As the COBIT certification is often simply acknowledging and making changes as well as adjustments to what most of the organisations are going through, so you will need not to change a lot.

How long will it take to become certified?

The certification and accreditation are not a single event, rather an ongoing process that ensures your business complies with the chosen standard requirements. Initially, the certification depends on how many standards you are trying to achieve. But on average, it takes three to six months to get certified.

Do we have to appoint a Quality Manager?

Yes, it is expected to appoint a Quality Manager, as he/she will only ensure whether the product or service is fit to the purpose of legal compliance and customers’ expectations. However, we recommend selecting a designated representative or coordinator who will take responsibilities for achieving certification.

Do you provide consultancy?

Providing a consultancy service for certification may create a conflict of interest to the company. Thankfully, in our case, you don’t need any consultant to achieve the certification. Rather, we highly recommend using our products that allows the auditors to align with the compliance team.

But if you think a consultant is right for your business, we can help you to find one. Just drop us an email at

What is the difference between an accredited and unaccredited certifier?

Accredited certifiers are subject to rigorous evaluations of their competence, methodology, and quality standards before they are allowed to certify. Therefore, we can support our customers with the appropriate certification.

Many companies find unaccredited certification sufficient for their needs. But organisations who want to see your COBIT, ISO or TOGAF credentials are increasingly interested in who provided the certification. By using an accredited certifier, such as ourselves, you can be sure that your certification will be performed properly and reassure your clients that your company complies with the most rigorous standards.

How much does certification cost?

The cost of certification depends on the size of your organisation, how many staff you have, and the standards you want to gain. Regardless of your size, we always quote a guaranteed fixed fee for certification, so you know the costs upfront. Please check our pricing page for the updated price.

How long will my certification last?

Your certificate will last for two years from the start date, and you will undergo an annual surveillance audit to keep it valid for that time.

What happens if I forget to book my surveillance audit?

It is expected to book a surveillance audit. Our ongoing commitment to you is to make sure you do not forget. We will be in touch with you to make sure everything is going well after certification. Then, before three months of your audit, we will inform you about the arrangements for the due visit date.

Help! our certification has lapsed, and we need to restart it.

Do not worry, we can help. The quickest way to get this resolved is to give our Customer Services team. Contact us at

We've been certified by someone else; can you do the surveillance audits?

Of course! Just drop an email at and we can give you a quotation.

In need of auditing various FRAMEWORKS?

We provide auditing supports through an independent assessor for various frameworks implementation