The Lazarus Alliance Usage Policy

Updated January 26, 2024

  • Overview
  • General
  • Certain Disclaimers
  • Confidential Information
  • Global Availability
  • Public Information
  • Audit Processes
  • Processes For Granting, Refusing, Maintaining, Renewing, Suspending, Restoring or Withdrawing Certification Or Expanding Or Reducing The Scope Of Certification
  • Types Of Management Systems And Certification Schemes In Which We Operate
  • The Use Of Our Name And Certification Mark Or Logo
  • Processes For Handling Requests For Information, Complaints And Appeals
  • Policy On Impartiality
  • Business Relationships
  • Impartiality
  • Linking To This Site
  • Use of Intellectual Property
  • Translations
  • Questions, Concerns, Complaints, and Appeals
  • DISCLAIMER OF WARRANTY
  • LIMITATION OF LIABILITY
  • Questions or Concerns Intake Form

Overview

The following are the terms of a legal agreement between you and Lazarus Alliance. By accessing, browsing, or using this website and all associated web properties under the Lazarus Alliance corporate umbrella, you acknowledge that you have read, understood, and agree to be bound by these terms and to comply with all applicable laws and regulations, including export and re-export control laws and regulations. If you do not agree to these terms, please do not use this website.

Lazarus Alliance may, without notice to you, at any time revise these Terms of Use and any other information contained in this website by updating this posting. Lazarus Alliance may also make improvements or changes in the products, services, or programs described on this site at any time without notice.

General

This website contains proprietary notices and copyright information, the terms of which must be observed and followed.

This site and all content in this site may not be copied, reproduced, republished, uploaded, posted, transmitted, distributed, or used for the creation of derivative works without Lazarus Alliance's prior written consent, except that Lazarus Alliance grants you non-exclusive, non-transferable, limited permission to access and display the Web pages within this site, solely on your computer and for your personal, non-commercial use of this website. This permission is conditioned on your not modifying the content displayed on this site, your keeping intact all copyright, trademark, and other proprietary notices, and your acceptance of any terms, conditions, and notices accompanying the content or otherwise outlined in this site. Notwithstanding the foregoing, any software and other materials that are made available for downloading, access, or other use from this site with their own license terms, conditions, and notices will be governed by such terms, conditions, and notices.

Your failure to comply with the terms, conditions, and notices on this site will result in automatic termination of any rights granted to you, without prior notice, and you must immediately destroy all copies of downloaded materials in your possession or control. Except for the limited permission in the preceding paragraph, Lazarus Alliance does not grant you any express or implied rights or licenses under any patents, trademarks, copyrights, or other proprietary or intellectual property rights. You may not mirror any of the content from this site on another website or in any other media.

Certain Disclaimers

Information on this website is not promised or guaranteed to be correct, current, or complete, and this site may contain technical inaccuracies or typographical errors. Lazarus Alliance assumes no responsibility (and expressly disclaims responsibility) for updating this site to keep information current or to ensure the accuracy or completeness of any posted information. Accordingly, you should confirm the accuracy and completeness of all posted information before making any decision related to any services, products, or other matters described on this site.

Lazarus Alliance provides no assurances that any reported problems will be resolved by Lazarus Alliance, even if Lazarus Alliance elects to provide information to address a problem.

Confidential Information

Lazarus Alliance does not want to receive confidential or proprietary information from you through our website. Please note that any information or material sent to Lazarus Alliance will be deemed NOT to be confidential. By sending Lazarus Alliance any information or material, you grant Lazarus Alliance an unrestricted, irrevocable license to copy, reproduce, publish, upload, post, transmit, distribute, publicly display, perform, modify, create derivative works from, and otherwise freely use, those materials or information. You also agree that Lazarus Alliance is free to use any ideas, concepts, know-how, or techniques that you send us for any purpose. Personally identifiable information that you submit to Lazarus Alliance for the purpose of receiving products or services will be handled in accordance with our privacy policies. Please see the tab entitled "Privacy" for information regarding Lazarus Alliance's privacy policies.

Global Availability

Information Lazarus Alliance publishes on the World Wide Web may contain references or cross-references to Lazarus Alliance products, programs, and services that are not announced or available in your country. Such references do not imply that Lazarus Alliance intends to announce or make available such products, programs, or services in your country. Please consult your local Lazarus Alliance business contact for information regarding the products, programs, and services that may be available to you.

Public Information

As an attestation and certification body, Lazarus Alliance publishes primarily on this website, but is not limited to only this medium, information about various business activities in all the geographical areas in which Lazarus Alliance operates, information about:

Audit Processes

Lazarus Alliance helps you secure financial, health, sensitive, intellectual, employee, and third-party information; promote quality internally; manage IT service providers and service requirements; and establish robust business continuity procedures.

We prepare your organization for formal certification or alignment against internationally recognized standards including ISO; the European Cybersecurity Certification Scheme for Cloud Services (EUCS); and NIST Cybersecurity Framework (CSF).

The core phases are:

  • Pre-assessment
  • Establishment
  • Implementation
  • Monitoring
  • External
  • Audit

Our management system development methodology

We are uniquely qualified and experienced to help you build a management system that complies with ISO standards, as Lazarus Alliance Compliance and Continuum GRC are one of a few vendors in the world that maintains an advisory practice that shares team resources with Lazarus Alliance, an accredited certification body.

To help your organization decrease implementation timelines and costs during initial certification, our advisory team evaluates your environment and determines short-term project plans from the perspective of experienced implementers and auditors who maintain the necessary credentials to certify an organization as prescribed by relevant accreditation rules.

By taking this approach, we reduce the risk that your organization spends too much time over-preparing for a certification audit or is ill-prepared for the initial third-party audit and fails the resulting inspection.

ISO Management

Pre-assessment

Our certified lead auditors determine your organization’s preparedness to pursue formal certification via an accredited certification body. ISO readiness assessments are performed against the mandatory certification requirements comprising Clauses 4 through 10 of management system standards (MSS). In the case of ISO 27001, we evaluate control objectives prescribed within Annex A against required policy and procedure documentation through an abbreviated design check of the management system.

The pre-assessment includes:

    • Workshop overview that provides an interpretation of applicable ISO requirements to be documented
    • Observations and best practices based on your organization’s peers and sector-specific trends
    • Insights into your management system documentation on processes, internal controls, internal auditing, and management review
    • Upfront analysis of risks that could threaten your ability to meet the applicable ISO standard requirements
    • A summary of current business processes and related controls along with remediation recommendations

The pre-assessment serves as a training and awareness session for internal stakeholders and interested parties, who may serve as designated control owners and participate in required annual activities such as risk assessment and internal audits. In addition to reviewing the defined common controls framework objectives, the lead auditor covers:

    • Plan-Do-Check-Act and the continuous improvement cycle
    • Governance structure originating from the International Accreditation Forum (IAF) and each country or region’s specific accreditation body that provides oversight to conformity assessment bodies (CAB) like Lazarus Alliance
    • Guidance for executing your risk assessment, internal audit program, and controls implementation, if applicable
    • Strategies for evaluating the validity of an ISO certificate produced as part of any third-party oversight and risk management program

Establishment

We meet with your governance, risk, and compliance team to determine management system core documents. As required by ISO standards, we draft the work products in response to the mandatory security governance requirements and your readiness pre-assessment.

Implementation

Controls policy and procedure development

We augment your organization’s internal process owners to establish appropriate policies that meet control objectives justified for inclusion in your management system, as appropriate.

Management system risk assessment

During the periodic risk assessment following the management framework prescribed within ISO 31000, we:

    • Quantitatively score inherent and residual risks based on your risk tolerance scheme.
    • Determine risk severity ratings and risk treatment options.
    • Develop short-term risk treatment plans for residual risks outside your organization’s risk acceptance tolerance based on established criteria.
    • Determine each business function’s requirements for the confidentiality, integrity, and availability of information and the overall sensitivity of data supporting these processes.

Monitoring

Management system internal audit

In accordance with ISO 19011, we execute an independent, periodic internal audit against management system requirements of the in-scope MSS, as well as, in the case of standards like ISO 27001, EUCS, and ISO 27701, controls justified for inclusion per the statement of applicability. As part of the required documentation inspection, we determine the sufficiency of sampled control procedures provided by your organization.

Deliverables include:

    • A three-year management system internal audit plan
    • Annual management system internal audit report
    • Lead auditor competency profile or evidence of relevant lead auditor certification

Management review

After the completion of the risk assessment and internal audit inputs, we facilitate the resulting review of the management system with senior and operations management personnel who are key internal interested parties to the program’s establishment. We develop a recurring supporting agenda presentation template that meets the ongoing requirements for this periodic management review activity.

External audit

External audit support

We help your organization identify and select an accredited certification body registrar who will assess your organization against in-scope certification requirements. During the initial certification audit, we respond to and defend inquiries related to its advisory work products made by the appointed lead auditor in interviews and walkthroughs on behalf of your organization. For any identified findings or non-conformities, we assist with the root cause analysis and the development of corrective action plans resulting from the external certification audit.

Processes For Granting, Refusing, Maintaining, Renewing, Suspending, Restoring or Withdrawing Certification Or Expanding Or Reducing The Scope Of Certification

Granting of Certification

Lazarus Alliance will be responsible for examining the client’s management system to assess compliance with the requirements of the relevant ISO Standard (Standard), in all material respects, as of the date of the audit. We will make specific inquiries of management and others about the management system.

Lazarus Alliance maintains the right to suspend or withdraw the client’s certification with immediate effect if, in its sole opinion, the client is not in conformance with the conditions specified for the maintenance of the Certificate during the certification period. In addition, Lazarus Alliance maintains the right to revise the requirements of certification within the certification period, including a revision to the fees.

Client Management is responsible for making available to us and the relevant Accreditation Body, on a timely basis, information necessary for our audit including relevant documents, access to all sites included within the scope of the audit, and client personnel to whom we may direct inquiries.

Clients may distribute the Certificate to current and potential customers of the certified operations of the Client. The Client must not distribute partial or incomplete certificates.

During the period of certification set out in the Certificate (the “certification period”), the Client must:

    • comply with the requirements of the Standard and disclose all incidents of non-conformity;
    • disclose all relevant changes in the organization or scope of certification to Lazarus Alliance;
    • disclose to Lazarus Alliance, without delay, any significant events impacting the Client’s certification procedures, including but not limited to fatal incidents, serious injuries, occupational disease, or legal action by a regulatory authority; and
    • disclose to Lazarus Alliance any occupational health and safety-related findings by third parties.

Upon completion of our audit, we will issue a Certificate stating whether, in our opinion, the management system of the Client meets the requirements of the Standard, in all material respects, as of the assessment date.

Upon completion of each audit cycle (Initial Certification, Surveillance, or Recertification Audit) we will produce a Report, which is designed for internal use by the Client to help make improvements in the Client’s management system.

We will delay or postpone our decision on certification to take proper account of new or additional information which has become available to us, and which has not already been considered in our certification process which, in our opinion, could affect the outcome of our work. If for any reason we are unable to complete the audit, we will not issue the Certificate.

We will be able to issue our Certificate without reservation only if our audit confirms that the Client is in conformance with the applicable requirements of the Standard as of the assessment date.

Refusal of Service

Lazarus Alliance may deny certification to a client when fundamental or demonstrated reasons exist, such as illegal activities, a history of repeated non-conformities with the certification requirements, and similar issues.

Lazarus Alliance as a certification body shall not be obliged to enter or maintain any commercial relationship with any entity or issue or maintain a certificate previously issued to any entity whose activities conflict with the obligations of Lazarus Alliance as a certification body. This is to apply where in the sole opinion of Lazarus Alliance that relationship would reflect badly on the good name of Lazarus Alliance. This is to apply notwithstanding the requirements of ISO/IEC 17021 and ISO/IEC17065.

Lazarus Alliance shall include a specific and legally binding clause to this effect in its contracts with its clients in relation to any services related to any management system, product certification standards, or any verification and inspection activity protocol.

Procedures for Changes in the Certification Audit Requirements

Lazarus Alliance will provide due notice to clients of any changes we intend to make in our requirements for certification either due to changes in internal requirements or in response to changes in the relevant standards. Lazarus Alliance will communicate the changes made by certification schemes and inform all clients of changes to Lazarus Alliance's certification requirements, within thirty (30) days of such changes being approved by the approval body of the respective Standard, as appropriate.

Following a decision on any changes and the publication of the changed requirements, subsequent Lazarus Alliance surveillance, certification, and re-certification audits will be used to verify that each organization that we have certified, or will certify, has carried out any necessary adjustments to its procedures and operational practices to meet the noted changes and that it has implemented the changed procedures or operational practices within such time as, in our opinion, is reasonable.

In addition, Lazarus Alliance shall consider other changes and circumstances affecting certification, including changes initiated by the client, and shall decide upon the appropriate action in accordance with the requirements of this standard and other applicable requirements. This includes evaluation and the issuance of revised certificates to extend or reduce the scope of certification. These actions shall be completed in accordance with the Lazarus Alliance Certification’s Business Management System (BMS) requirements.

Records shall include the rationale for excluding any of the above activities.

Suspension of certification

Lazarus Alliance’s Certification management system and product certification may be suspended at any time the condition of the management system or product certification cannot be verified or is verified as not being effectively maintained. Certifications may also be suspended in cases where the client fails to meet the requirements of their contract with Lazarus Alliance’s Certification, including failure to satisfy invoices in a timely manner, and inability to meet visit timing rules as indicated in the certification procedure.

When there is a cause for suspension the authorized Certification Manager or qualified designate is notified by completion of the client information and Quality Technical Review (QTR) form.

When a certification is suspended, the client may not promote or advertise their certification in any way and may not claim to be certified. The suspension shall be publicized on the relevant Lazarus Alliance’s Certification website. (Product or scheme procedures may also require notification to certain industry groups).

The maximum allowable suspension period is 6 months.

Upon approval by the Certification Manager or qualified designate the client shall be notified of the suspension details as listed below.

The details of the suspension shall be entered in the client records sheet and Lazarus Alliance’s Certification client database. This database provides a tool for tracking and assuring timely follow-up of suspensions.

The suspension notice shall require a written response, including a written corrective action plan, from the client within 10 working days.

On or before the indicated due date, a Lead Auditor shall follow up with the client to verify complete and effective corrective action. For management system and product certification non-conformity and access issues, an on-site visit is required. For financial issues, no on-site visit is required.

The Auditor/Lead Auditor shall provide a report on the on-site visit. The report shall be in the appropriate reporting format and include a clear recommendation to lift the suspension or to withdraw the certificate. Appropriate supporting documentation (e.g. non- non-conformity response documentary evidence, etc.) shall accompany the report.

The report from the auditor is reviewed as described above and the Quality and Technical reviewer indicates the decision on the form. A satisfactory finding by the auditor and the Certification Manager and qualified designate will result in the suspension being lifted and this will be indicated in QTR form.

If corrective action taken by the client fails to resolve the suspension issue in a time established by Lazarus Alliance’s Certification the certificate shall be withdrawn, or the scope of certification reduced.

Withdrawal of certification

Certification will be withdrawn where a client’s management system demonstrates significant non-conformity with the audit standard or planned arrangements and a failure in its ability to react to and correct the non-conformities in a timely manner. Failure of the client to pay Lazarus Alliance’s Certification invoices for services provided or a failure of the client to provide Lazarus Alliance’s Certification auditors access to the certified facility for audit purposes may also result in withdrawal of the certification.

In most cases, withdrawal will be preceded by a suspension of the certification but in cases of severe non-conformity or failure of the client to cooperate, withdrawal may occur immediately.

Withdrawal proceedings are initiated when the Certification Manager is notified of one of the conditions specified above and the QTR Form is appropriately completed and approved.

Re-certification Audit at Certificate Expiry

A Lazarus Alliance’s Certification audit team will re-assess an organization’s Certification status upon the expiry of the certificate of Certification granted to the organization.

Planning of the Certification/Re-certification Audit and certificate issue/expiration date requirements

Lazarus Alliance’s Certification will make every effort to initiate the planning process for Re-certification audits to allow for a reasonable time to complete the Re-certification Audit prior to the expiry of the existing certificate.

Considerations for a reasonable time to enable a successful recommendation and decision may include:

    • risks associated with logistic challenges;
    • availability of competent Auditors;
    • verification of the implementation of correction and corrective actions associated with major non-conformities to either close them or the review of an acceptable corrective action plan including partial implementation of the plan which would enable the audit team to downgrade the major to a minor non-conformity allowing for a successful recommendation.

As part of this planning process the Certification Manager or Technical Manager shall communicate to the client the risks and implications associated with their certificate expiration.

When re-certification activities are successfully completed prior to the expiry date of the existing certification, the expiry date of the new certification can be based on the expiry date of the existing certification. The issue date on a new certificate shall be on or after the re-certification decision.

In cases where the Re-certification audit activities extend past the expiry date or where the Lead Auditor has been unable to verify the implementation of corrections and corrective actions for any major non-conformity, then re-certification will not be recommended, and the certificate shall not be extended.

The certification can be restored within 6 months of the expiration provided the outstanding re-certification activities are completed, otherwise a Stage 2 Audit will be completed. In such cases, the Certificate issue date on the new certificate(s) shall commence on or after the re-certification decision date (Certification Manager’s approval) and shall expire based on the prior certification cycle (e.g. within 3 years of the previous anniversary expiration date).

Re-certification Audits may be conducted in place of a surveillance audit and or prior to the existing certificate expiry date. In these cases, the expiry date on the certificate shall be within 3 years of the Re-certification decision date. The regular 12-month surveillance audit cycles will commence from this date forward.

The Re-Certification Audit will involve:

    • A review of management system documentation;
    • A review of past implementation and continuing surveillance (including any complaints received from users of the certification) of the management system over the period of certification.

The Re-Certification Audit will at least ensure:

    • The effective interaction between all elements of the management system;
    • The overall effectiveness of the management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification;
    • Demonstrated commitment to maintaining the effectiveness and improvement of the management system in order to enhance overall performance;
    • The effectiveness of the management system regarding achieving the certified client’s objectives and the intended results of the respective management system(s).

The audit methodology for the re-certification will follow the procedures outlined under the certification audit process, and a new Engagement Letter will be issued. Other steps, such as a separate document readiness review, may not be performed if the Certification

Manager or QTR Team determines that there have not been changes significant enough to warrant it.

Requirements for Scope Changes

The conditions necessary for Lazarus Alliance’s Certification to change the scope of a certificate shall include the following requirements:

    • the change of scope shall not include or result in an extension of the certificate’s expiry date beyond the time period for which it was originally issued;
    • Lazarus Alliance’s Certification shall reserve the right to inspect the site of the certified operations before deciding whether or not to grant a change to the scope of the certificate;
    • if Lazarus Alliance’s Certification considers that a change in scope is significant in terms of area, management, or operational implications then the certification body shall inspect the site before the change of scope is granted;
    • if Lazarus Alliance’s Certification grants a change of scope, we shall review the wording of the certificate previously issued and if necessary, shall require that the old certificate be returned to the certification body or be destroyed by the client. In that event a new certificate shall be issued with revised wording reflecting the change of scope.

Certification Decision

The decision on whether an applicant is granted a certification will be determined by the QTR in conjunction with the Certification Manager, based upon the audit evidence collected during the entire certification process. The Certification Manager may also consult with other Lead Auditors or other more senior personnel from Lazarus Alliance’s Certification in determining their final audit recommendation to be presented for the QTR.

Lazarus Alliance’s Certification shall delay or postpone its decision on certification in order to take proper account of new or additional information which has become available to the certification body, and which has not already been considered in its evaluation report and which, in the opinion of the certification body, could affect the outcome of its evaluation.

Basis for Suspending, Withdrawing, or Reducing the Scope of Certification

Lazarus Alliance’s Certification will consider suspending or withdrawing certification in the following situations:

    • The client's certified management system has persistently or seriously failed to meet certification requirements, including requirements for the continued effectiveness of the management system process;
    • The certified client does not allow surveillance or re-certification audits to be completed by Lazarus Alliance’s Certification at the required frequencies;
    • The certified client has voluntarily requested a suspension;
    • The certified client has not paid their certification fees.
    • The certified client has improperly used our service marks.

When a client's certification is suspended, the certification is considered temporarily invalid. Lazarus Alliance’s Certification includes wording to this effect in our certification contract that is signed by the client. The status of the suspended certification will be recorded in the client database maintained by Lazarus Alliance’s Certification and will be made publicly available on request.

The Certification Manager or delegate will communicate to the client, the actions needed to end suspension and any other actions required by the certification scheme.

Failure to resolve the situation creating the need to suspend the certification within sixty (60) days will result in either a reduction in the scope of certification or withdrawal of the certification. Any evaluations, reviews, or decisions needed to resolve the suspension or withdrawal will be conducted and reviewed using the same general requirements as certification audits specified in BMS procedures audit initiation, audit preparation, an overview of certification audit procedures, non-conformity procedures for certification audits, quality, and technical review process and decision on certification/re-certification.

Reducing the Scope of a Certification

Lazarus Alliance’s Certification will reduce the scope of certification to exclude those activities not meeting the requirements when the client has persistently or seriously failed to meet the certification requirements. A reduction in scope could also be a condition of certificate reinstatement. The reduction of scope will be in line with the requirements of the certification standard.

Lazarus Alliance’s Certification will advise clients that upon receipt of written notice to withdraw the certification, the client must discontinue its use of all advertising materials that contain any reference to Certification status.

Procedures Relating to Suspension, Withdrawal, or Scope Reduction of Certification

The Certification Manager or delegate will change the status in the client database make notes in the comment field and inform the client in writing of the change. If the certification is suspended or withdrawn, the client must refrain from further promotion of its certification. If the certification is reduced in scope, the client must refrain from further promotion of the products or locations no longer certified.

The notification shall contain:

    1. A clear statement about the invalid status of the certificate (expired, suspended, withdrawn, or terminated);
    2. The date from which the invalid status of the certificate is official;
    3. The rationale supporting the invalid status of the certificate shall include, but is not limited to, the details of the breach of the certification contract and the demonstration of non-conformities with the applicable certification requirements;
    4. The requirement to withdraw all uses of the trademarks;
    5. In the case of an expired, terminated, suspended, or withdrawn certification, the requirement to stop making claims and/or using controlled material in any products;
    6. In the case of suspended certificates, the information that the maximum duration of suspension is six (6) months and after this period, the certificate will be canceled and withdrawn;
    7. A statement requiring the organization to acknowledge receipt of the letter of notification in writing.

The Certification Manager or delegate will update the public databases for each applicable scheme and if the scope has been reduced, revised, suspended or whether the certificate has been cancelled. If a certification is reinstated after suspension, the public databases will be updated, and the certificate revised.

If the Certification Body suspends, terminates, or withdraws a certificate, it shall promptly (and in any event within three (3) business days of the suspension or withdrawal or termination) notify the certification authority, scheme owner of any regulatory body in writing of the same and such notification shall state the action taken and the effective date and reason of suspension or withdrawal or termination.

General Requirements Relating to Suspension, Withdrawal, or Scope Reduction of Certification

Any decision on whether to reduce the scope of certification or to temporarily or permanently withdraw the certification will be determined during the QTR. The decision will include a minimum of two people who are not involved in the audit (Quality/Technical Reviewer and Certification Manager). They will be given the task of reviewing the non-conformity/ies in determining whether the scope of certification should be reduced or the certification withdrawn.

Lazarus Alliance’s Certification will advise its certified clients that it should be promptly notified of any intended changes to the organization’s management system or other changes which may affect conformity, as specified in the contract.

Lazarus Alliance’s Certification may be required to complete a short-notice audit of a client:

    1. to investigate complaints received from interested parties of the certified client;
    2. in response to changes in the client's Management System; or
    3. as a follow-up visit to a client whose certification has been suspended.

For Integrated Management System (IMS) audits, if certification to one or more management system standard(s)/specification(s) is subject to suspension, reduction, or withdrawal, the QTR Team and Certification Manager shall investigate the impact of this on the certification to the other management system standard(s)/specification(s).

The QTR will include all final decisions relating to the suspending, withdrawing, or reducing in scope of Certification.

Types Of Management Systems And Certification Schemes In Which We Operate

The most comprehensive listing of management systems, attestations, and certification schemes we support are always listed on the Services tab of our website.

The Use Of Our Name And Certification Mark Or Logo

Under no circumstances, may any entity use without permission, any public or private intellectual property such as logos, marks, designations, statements, documents, publications or any materials.

Any client who has achieved attestation or certification through working with Lazarus Alliance under no circumstances, may any usage occur without permission, any public or private intellectual property such as logos, marks, designations, statements, documents, publications, or any materials related to the achievement of attestation or certification through working with Lazarus Alliance, and shall not apply these logos, marks, designations, statements, documents, publications or any materials to laboratory test, calibration or inspection reports, audit, or assessment reports, certificates or attestations. These marks and designations shall not be used on a website, publication, product, packaging nor in any other way that may be interpreted as denoting product conformity with any of the attestations or certifications delivered by Lazarus Alliance.

Furthermore, all logos, marks, designations, statements, documents, publications, or any materials associated with a client's certification or attestation, must ensure that traceability back to Lazarus Alliance as the Certification Body is obvious. There shall be no ambiguity, in the mark or accompanying text, as to what has been certified and which Lazarus Alliance, as certification body has granted the certification. This mark shall not be used on a product nor product packaging nor in any other way that may be interpreted as denoting product conformity.

Only marks that are directly provided by Lazarus Alliance legal department staff members are authorized. Please refer to our style guide for more information.

Processes For Handling Requests For Information, Complaints And Appeals

None of this happens without client feedback. After your engagement, you will receive a survey, where you can directly influence the direction of our services and programs. The quality management team is available to take your comments at: Legal@LazarusAlliance.com.

Also, the form below is an additional method of submitting requests.

In the event that, as a customer, you wish to appeal a certification, authroization, or attestation decision we have made, please contact Legal@LazarusAlliance.com to initiate the process. The basic procedural steps that will be taken are as follows:

  1. Initial Intake: We receive your appeal request using the aforementioned contact email address. This established the beginning of the problem-resolution process for appeal handling.
  2. Statement of the Problem: You articulate your appeal in a form of written correspondence through postal, email, or document formats. No text, chat, voice, or other communication channels will be accepted.
  3. Information Gathering: Internally, we will review the information we have, and we will request that you provide supporting information as well. Please be advised that the information you provide must be verifiable.
  4. Identification of the Problem: Internally, in the event that we do identify the issue supporting your appeal, we will collaborate with you to resolve your appeal.
  5. Resolution Options: Resolution options will vary depending on the nature of the identified and confirmed origin of the issue.
  6. Reaching an Agreement: It would be our desire to reach an amicable agreement. In the event that the resolution is not acceptable to you, we will provide contact information to the certification authority governing our service component relevant to your appeal. It will be your responsibility and expense to pursue support through those channels. In the event that you choose to explore a legal remedy, again, it will be your responsability and expense to pursue support through those channels.

Policy On Impartiality

Business Relationships

This website may provide links or references to non-Lazarus Alliance websites and resources. Lazarus Alliance makes no representations, warranties, or other commitments whatsoever about any non-Lazarus Alliance websites or third-party resources that may be referenced, accessible from, or linked to any Lazarus Alliance site. A link to a non-Lazarus Alliance website does not mean that Lazarus Alliance endorses the content or use of such website or its owner. In addition, Lazarus Alliance is not a party to or responsible for any transactions you may enter into with third parties, even if you learn of such parties (or use a link to such parties) from a Lazarus Alliance site. Accordingly, you acknowledge and agree that Lazarus Alliance is not responsible for the availability of such external sites or resources, and is not responsible or liable for any content, services, products, or other materials on or available from those sites or resources.

When you access a non-Lazarus Alliance website, even one that may contain the Lazarus Alliance logo, please understand that it is independent from Lazarus Alliance and that Lazarus Alliance does not control the content on that website. It is up to you to take precautions to protect yourself from viruses, worms, trojan horses, and other potentially destructive programs, and to protect your information as you deem appropriate.

Impartiality

Lazarus Alliance as an organization abides by the principles of the ISO 17020, ISO 17021, FedRAMP Rules of Behavior, PCI SSC Code of Ethics, and similar standards. Lazarus Alliance is committed to impartiality in management system certification activities. Establishing impartiality is a process that begins with company policy that is acknowledged by every employee on an annual basis. Impartiality is integral to the onboarding process for new clients and partner organizations, so those relationships would be examined by executive leadership prior to the finalization of a contract relationship. The legal implications for the company are reviewed by the General Counsel and then accepted or declined by Lazarus Alliance executive leadership. Employees utilize the Risk Rating Methodologies Guidelines as a guide to avoid, eliminate or minimize such risk to the impartiality of this standard. Regardless of the outcome, the decision metrics are documented within the case file associated with the perspective external relationship ensuring the objectivity of the Lazarus Alliance management system certification activities.

Linking To This Site

All links to this website must be approved in writing by Lazarus Alliance, except that Lazarus Alliance consents to links in which the link and the pages that are activated by the link do not: (a) create frames around any page on this website or use other techniques that alter in any way the visual presentation or appearance of any content within this site; (b) misrepresent your relationship with Lazarus Alliance; (c) imply that Lazarus Alliance approves or endorses you, your website, or your service or product offerings; and (d) present false or misleading impressions about Lazarus Alliance or otherwise damage the goodwill associated with the Lazarus Alliance name or trademarks. As a further condition to being permitted to link to this site, you agree that Lazarus Alliance may at any time, in its sole discretion, terminate permission to link to this website. In such event, you agree to immediately remove all links to this website and to cease using any Lazarus Alliance trademark.

Use of Intellectual Property

Under no circumstances, may any entity use without permission, any public or private intellectual property such as logos, marks, designations, statements, documents, publications, or any materials.

Any client who has achieved attestation or certification through working with Lazarus Alliance under no circumstances, may any usage occur without permission, any public or private intellectual property such as logos, marks, designations, statements, documents, publications, or any materials related to the achievement of attestation or certification through working with Lazarus Alliance, and shall not apply these logos, marks, designations, statements, documents, publications or any materials to laboratory test, calibration or inspection reports, audit, or assessment reports, certificates or attestations. These marks and designations shall not be used on a website, publication, product, or packaging nor in any other way that may be interpreted as denoting product conformity with any of the attestations or certifications delivered by Lazarus Alliance.

Furthermore, all logos, marks, designations, statements, documents, publications, or any materials associated with a client's certification or attestation, must ensure that traceability back to Lazarus Alliance as the Certification Body is obvious. There shall be no ambiguity, in the mark or accompanying text, as to what has been certified and which Lazarus Alliance, as certification body has granted the certification. This mark shall not be used on a product nor product packaging nor in any other way that may be interpreted as denoting product conformity.

 Translations

Certain text in this website may be made available in languages other than English. Text may be translated by a person or solely by computer software with no human intervention or review. These translations are provided as a convenience to you, and Lazarus Alliance makes no representations or commitments regarding the accuracy or completeness of the translation, whether or not computer-generated or performed by a person. Please see the below Disclaimer of Warranty for additional conditions.

Questions, Concerns, Complaints, and Appeals

Lazarus Alliance has implemented within the company's internal Business Operating Quality Manual, guidelines for the triage of customer-related problems.

The order of operations includes:

  • Receive and Classify: the intake process includes a classification component that client support personel make an initial issue classification.
  • Acknowledge: the intake process includes confirmation of receipt.
  • Investigate: to ensure integrity and impartiality during the process, the investigator shall not be the same subject individual.
  • Resolve and Confirm: based on the outcome of the internal investigation by the examiner, a resolution recommendation is made to senior staff.
  • Respond to Customer: depending on the nature of the issue, and the decision made by senior staff, senior staff will respond to the person who introduced the issue originally.
  • Follow-Up: it is customary for a follow up with the person who introduced the issue originally.
  • QA and Close: Lazarus Alliance maintains a process known as the Chane Advisory Board (CAB) with an intake and documentation process referred to as the Corrective Action Report (CAR). Any question, concern, complaint, or appeal that requires an internal change in people, processes, or policy, will be recorded in the CAR records.

This process is managed within the Lazarus Alliance customer support ticket system by calling 1-888-896-7580 x21 and through existing client portals for established customers.

DISCLAIMER OF WARRANTY

USE OF THIS SITE AND PRODUCTS AND SERVICES OF LAZARUS ALLIANCE AND OR CONTINUUM GRC IS AT YOUR SOLE RISK. ALL MATERIALS, INFORMATION, PRODUCTS, SOFTWARE, PROGRAMS, AND SERVICES ARE PROVIDED "AS IS," WITH NO WARRANTIES OR GUARANTEES WHATSOEVER. LAZARUS ALLIANCE EXPRESSLY DISCLAIMS TO THE FULLEST EXTENT PERMITTED BY LAW ALL EXPRESS, IMPLIED, STATUTORY, AND OTHER WARRANTIES, GUARANTEES, OR REPRESENTATIONS, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF PROPRIETARY AND INTELLECTUAL PROPERTY RIGHTS. WITHOUT LIMITATION, LAZARUS ALLIANCE MAKES NO WARRANTY OR GUARANTEE THAT THIS WEBSITE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.

YOU UNDERSTAND AND AGREE THAT IF YOU DOWNLOAD OR OTHERWISE OBTAIN MATERIALS, INFORMATION, PRODUCTS, SOFTWARE, PROGRAMS, OR SERVICES, YOU DO SO AT YOUR OWN DISCRETION AND RISK AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGES THAT MAY RESULT, INCLUDING LOSS OF DATA OR DAMAGE TO YOUR COMPUTER SYSTEM, ORGANIZATION, OR BUSINESS ENTITY.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.

LIMITATION OF LIABILITY

IN NO EVENT WILL LAZARUS ALLIANCE BE LIABLE TO ANY PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY TYPE WHATSOEVER RELATED TO OR ARISING FROM THIS WEBSITE OR ANY USE OF THIS WEBSITE, OR OF ANY SITE OR RESOURCE LINKED TO, REFERENCED, OR ACCESSED THROUGH THIS WEBSITE, OR FOR THE USE OR DOWNLOADING OF, OR ACCESS TO, ANY MATERIALS, INFORMATION, PRODUCTS, OR SERVICES OF LAZARUS ALLIANCE AND OR CONTINUUM GRC INCLUDING, WITHOUT LIMITATION, ANY LOST PROFITS, BUSINESS INTERRUPTION, LOST SAVINGS OR LOSS OF PROGRAMS OR OTHER DATA, EVEN IF LAZARUS ALLIANCE IS EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS EXCLUSION AND WAIVER OF LIABILITY APPLIES TO ALL CAUSES OF ACTION, WHETHER BASED ON CONTRACT, WARRANTY, TORT, OR ANY OTHER LEGAL THEORIES.

Additional or different terms, conditions, and notices may apply to specific materials, information, products, software, and services offered through this website. In the event of any conflict, such additional or different terms, conditions, and notices will prevail over these Terms of Use.

    In accordance with the section titled "Questions, Concerns, Complaints, and Appeals" above, this intake form will help you begin your inquiry. As a current client, contacting your dedicated customer representative is an alternative method.