Expected ISO27001 deliverables as a customer?

[Manic]

The company I work for has outsourced operations to a provider who is contractually required to be ISO27001 certified.

As a customer, what am I entitled to view with regard to the initial certification and ongoing re-certification?

At present I have been provided with the Statement of Applicability and final certificate, however upon request for issues encountered, I was told that these are internal documents.

Advice appreciated.

[evajo]

according to this, your company belongs to External parties, and what restrict you and your action is based on the A6.2.1, A6.2.2, A6.2.3.
that's
"A.6.2.1 Identification of risks related to external parties
Control:The risks to the organization's information and information processing facilities from business processes involving external parties shall be identified and appropriate controls implemented before granting access.
A.6.2.2 Addressing security when dealing with customers
Control: All identified security requirements shall be addressed before giving customers access to the organization's information or assets.
A.6.2.3 Addressing security in third party agreements
Control:Agreements with third parties involving accessing, processing, communicating or managing the organization's information or information processing facilities, or adding products or services to information processing facilities shall cover all relevant security equirements."

and the Statement of Applicability and final certificate u mention is internal, but as your work need it, you can have it, and may some management restrict what you can do or not.
_________________
Jo Eva
CISSP