After you are done implementing Instant 27001, you are ready for certification by an accredited certification body (sometimes called a registrar).
Finding a certification body
On the web site of the International Accreditation Forum (IAF), you can find your local accreditation organization. They should be able to help you further, often by publishing a list with certification bodies that hold their accreditation.
For our most active markets, they can be found here:
| Europe | Netherlands | Raad voor Accreditatie (RvA) |
| Belgium | Belgische Accreditatie Instelling (BELAC) | |
| Germany | Deutsche Akkreditierungsstelle (DAkkS) | |
| Austria | Akkreditierung Austria (BMAW) | |
| Switzerland | Swiss Accreditation Service (SAS) | |
| Spain | Entidad Nacional de Acreditacion (ENAC) | |
| Great Britain | United Kingdom Accreditation Service (UKAS) | |
| Ireland | Irish National Accreditation Board (INAB) | |
| Sweden | Swedish Board for accreditation and conformity assessment (SWEDAC) | |
| Finland | Finnish Accreditation Service (FINAS) | |
| Americas | United States | ANSI National Accreditation Board (ANAB) |
| United States (2) | International Accreditation Service (IAS) | |
| Canada | Canadian International Accreditation Services (CIAS-BAR) | |
| Canada (2) | Standards Council of Canada (SCC) | |
| Oceania | Australia and New Zealand | Joint Accreditation System of Australia and New Zealand (JAS-ANZ) |
As you will see, most countries have dozens of certification bodies to choose from, so there will always be one that you feel comfortable with.
If you need a recommendation, don’t hesitate to contact us!
The certification process
Once you have contracted a certification body, they will set you up with an auditor or audit team and the audit days are planned. An initial certification audit consists of two parts:
Stage 1
Also dubbed the documentation review, the auditor takes a look at the documentation (risk analysis, policies and procedures) to estimate whether you are ready to undergo the second part.
Stage 2
This part is sometimes called an implementation audit. It consists of a series of interviews with representatives of the different departments (management, HR, IT, development, operations, …) to make sure they understand their responsibilities when it comes to information security.