Once you have finished your ISO 27001 implementation (typically when all elements of the management system have been executed at least once) you should be ready for certification. Certification is carried out by an accredited certification body (sometimes called a registrar).

How do I find a certification body?

Once you have contracted one, they will assign you an auditor or audit team and plan the audit days. An initial certification audit consists of two parts:

Stage 1

This part is also dubbed the documentation review. The auditor takes a look at the documentation (risk analysis, policies and procedures) to estimate whether you are ready to undergo the second part.

Stage 2

This part is sometimes called an implementation audit. It consists of a series of interviews with representatives of the different departments (management, HR, IT, development, operations, …) to make sure they understand their responsibilities when it comes to information security.

How much does an ISO 27001 certification cost?
