What is ISO 27001 certification?

ISO 27001 certification is carried out after an information security management system (ISMS) aligned to the international information security standard, ISO 27001 has been implemented. By implementing an ISMS certified to ISO 27001, your organisation can win new business, protect and enhance your reputation and help comply with business, legal, contractual and regulatory requirements.

How do you choose your certification body?

When preparing for certification, it is vital to ensure that the certification body that is chosen has all the proper accreditations. The accreditation of the certification body ensures the quality of the service and therefore makes the certificate more likely to be accepted internationally and by clients. Any organisation that claims to be an accredited certification body should be able to show you a current copy of its certificate of conformance with ISO/IEC 17021-1:2015, issued by a national accreditation body for the relevant scheme.

These accreditations need to be from a recognised national accreditation body that is a member of the International Accreditation Forum (IAF), such as the United Kingdom Accreditation Service (UKAS). You can find a full list of recognised national accreditation bodies on the IAF website. The national accreditation bodies will be able to identify if an organisation has been officially accredited to provide a certification service. Read more about accredited certification >>>

What will the certification body do?

A certification body will review the documentation, including the scope of the information security management system, policies, procedures, and risk assessment and treatment documents. They will also check your Statement of Applicability to confirm that you have implemented appropriate controls and justified the inclusion and exclusion of controls from Annex A (or the inclusion of controls from other sources).

The next step in the certification process is to carry out a site audit to assess the organisation’s procedures in practice. If the certification body is satisfied that the implementation has been successful, it will issue the certificate.

How long will it take?

The length of the certification audit can vary depending on the size and type of the organisation, but it usually takes days rather than weeks.

How to get certification-ready

There are lots of resources you can use to get your organisation ready for ISO 27001 certification. IT Governance offers a wide range of products and services to help you to implement ISO 27001.

Achieve compliance and save costs with our ISO27001 DIY packages

Basics DIY Get a Little Help Get a Lot of Help
3 Standards  x  x  x  x
2 Guides  x  x  x  x
Policies and Procedures Toolkit  x  x  x
Risk Assessment Software  x  x  x
2 Training Courses and Exams    x  x
Live, Online Consultancy      x  x
£395 £1,995 £4,995 £9,995
Buy now Buy now Buy now Buy now


Find out more about how IT Governance can help you implement and gain certification to ISO 27001 >>