This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

Jump to navigation

Accredited Certification

Accredited certification bodies have been assessed to demonstrate competence, impartiality and performance capability. They provide independent auditing and certification for organisations seeking recognition of compliance to national and international Standards.

In the UK, the Department for Business, Innovation and Skills (BIS) has stated that:

government advice is to use an accredited certification body, and
organisations that claim to be accredited by anyone other than UKAS are likely to be committing a crime.

Why use an accredited certification body?

It is important to make sure that the certification body you use is properly accredited by a recognised national accreditation body which is a member of the IAF, such as UKAS (United Kingdom Accreditation Service).

The IAF website carries a full list, by country, of recognised national accreditation bodies from which it is easy to identify whether or not a particular organisation has been officially accredited.

“Any organisation therefore that is suggesting it is accredited in the sense of the Regulation when they are not is likely to be guilty of an offence under the Business Protection from Misleading Marketing Regulations 2008 (Statutory Instrument 2008/1276).” - Source: BIS

Those that falsely claim accreditation should be referred to Trading Standards or the Office of Fair Trading immediately.

View more information on non-accredited certification on the BIS website.

If you can't find an accreditation organisation on this list, you are safe to assume that it is not an officially recognised accreditation body and that any 'certificates' issued under its aegis will have no official standing in any country in the world. To find out more on exactly which standards Certification Bodies are accredited by UKAS to deliver certification services, visit the UKAS website.

Why you should avoid non-accredited certification bodies:

  • Non-accredited certification bodies (and those that claim to be accredited by an unrecognised accreditation service) typically offer a service that includes both consultancy and certification; no formally accredited certification body will do this as the international framework recognises the obvious conflict of interest when a single organisation certifies its own work. The whole point about, and value of, independent certification is that it is independent of those who did the work. Certification is designed to provide assurance to others that a management system is working in line with a specific management system standard and such assurance simply cannot be provided by any body that is not independent.

  • Non-accredited certification bodies (and those that claim to be accredited by an unrecognised accreditation service) are not subject to regular performance, quality and competence monitoring by a national accreditation body formally charged with ensuring that certification bodies continue operating in line with their mandates.

  • Non-accredited certification bodies (and those that claim to be accredited by an unrecognised accreditation service) usually do not operate in line with the international standards for certification bodies (e.g. ISO/IEC 17021), nor in line with those standards for conducting audits of specific management systems. ISO/IEC 27006, for instance, is the standard for certification bodies that provide audit and certification services for ISO27001 management systems.

Any organisation that claims to be an accredited certification body should be able to show you a current copy of its certificate of compliance with ISO/IEC 17021:2011.

ISO17021 is the International Standard that sets out the requirements for bodies providing audit and certification of management systems. As the International Standards Organisation says, "Certification of management systems is a third-party conformity assessment activity. Bodies performing this activity are therefore third-party conformity assessment bodies."

In other words, they can never provide a certification service in respect of their own consultancy work.

It is important to crack down on non-accredited certification bodies, as they damage the reputation of the high-quality certification schemes accredited by UKAS and waste the money of the organisations that use them.

IT Governance Ltd is recognised by Third Party Accredited Certification Bodies as being competent to advise on certification and management system implementation. We are independent of vendors and Certification Bodies, and we encourage our clients to select the best-fit supplier of independent certification services for their needs and objectives, IT Governance is widely recognised amongst UKAS accredited Certification Bodies as a leading (ISO27001) consultancy and is listed on the following:

  • BSI Management Systems UK Associate Consultant Programme;
  • Bureau Veritas Certification approved list for the implementation and management of ISO27001 and ISO20000 (IT Service Management standard);
  • ISOQAR consultant database;
  • Lloyds Register Quality Assurance(LRQA) Consultant Network;
  • NQA consultant database.

Clients of IT Governance have used the following UKAS (or equivalent) accredited certification bodies: AJA Registrars, BSI, Bureau Veritas, Certification Europe, Certification International, Det Norske Veritas, ISOQAR, LRQA, NQA, SGS.

  • AJA Registrars
  • BSI
  • Bureau Veritas
  • Certification Europe
  • Certification International
  • Det Norske Veritas
  • LRQA
  • NQA
  • SGS

Associate Consultant ProgrammeLRQA Consultants NetworkLRQA Consultants NetworkISOQARDNV

Why choose IT Governance?

  • We have over 10 years's worth of experience.
  • Our directors were the first in the world to achieve successful certification to BS7799, the forerunner to ISO27001, and have since aided other organisations to implement effective information security management systems.
  • We write and publish extensively on IT governance subjects.
  • We provide a comprehensive range of corporate and IT governance information, advice, guidance, books, tools, training and consultancy.
  • We have the most comprehensive range of accredited ISO27001 training courses available.
  • We only recommend accredited certification bodies.

BUY Standards online

ISO27001 (ISO/IEC 27001) ISMS Requirements

Buy now

+44 (0) 845 070 1750
live chat support software