After you are done implementing Instant 27001, you are ready for certification by an accredited certification body (sometimes called a registrar).

Finding a certification body

On the web site of the International Accreditation Forum (IAF), you can find your local accreditation organization. They should be able to help you further, often by publishing a list with certification bodies that hold their accreditation.

For our most active markets, they can be found here:

NetherlandsRaad voor Accreditatie (RvA)
BelgiumBelgische Accreditatie Instelling (BELAC)
GermanyDeutsche Akkreditierungsstelle (DAkkS)
SwitzerlandSwiss Accreditation Service (SAS)
SpainEntidad Nacional de Acreditacion (ENAC)
United KingdomUnited Kingdom Accreditation Service (UKAS)
United StatesANSI National Accreditation Board (ANAB)
United States (2)International Accreditation Service (IAS)
CanadaCanadian International Accreditation Services (CIAS-BAR)
Canada (2)Standards Council of Canada (SCC)
Australia and New ZealandJoint Accreditation System of Australia and New Zealand (JAS-ANZ)

As you will see, most countries have dozens of certification bodies to choose from, so there will always be one that you feel comfortable with.

The certification process

Once you have contracted a certification body, they will set you up with an auditor or audit team and the audit days are planned.

An initial certification audit consists of two parts, conveniently named stage 1 and stage 2.

Stage 1

Also dubbed the documentation review, the auditor takes a look at the documentation (risk analysis, policies and procedures) to estimate whether you are ready to undergo the second part.

Stage 2

This part is sometimes called an implementation audit. It consists of a series of interviews with representatives of the different departments (management, HR, IT, development, operations, …) to make sure they understand their responsibilities when it comes to information security.

How much does certification cost?

Start your ISO 27001
journey today!

Order now   Book a demo