List of US Accredited Certification Bodies for ISO 27001

When seeking to achieve certification to ISO 27001, organizations should avoid non-accredited certification bodies.

Why? Non-accredited certification bodies typically offer a service that includes both consultancy and certification.

No formally accredited ISO 27001 certification body will offer this type of service, as the international ISO framework recognizes the obvious conflict of interest when a single organization assesses its own work while also offering advice/consultancy.

Non-accredited certification bodies (and those that claim to be accredited without the recognized scheme) may not be subject to regular performance, quality, and competence monitoring by a national accreditation body, such as ANAB (ANSI-ASQ National Accreditation Board).

Plus, non-accredited certification bodies (and those that claim to be accredited without the recognized scheme) usually don’t operate in line with the international standards that set out requirements for certification bodies (e.g. ISO/IEC 17021).

For peace of mind, organizations should look to ANAB.

ANAB assesses and accredits certification bodies that audit and certify organizations conforming to management system standards across many industries – from information security and telecommunications, to aerospace and food safety.

List of ISO 27001 accredited certification bodies (updated for 2024)

These are all ANAB-accredited certification bodies for ISO 27001:

As this list is subject to change, we recommend using ANAB’s directory to confirm whether a certification body has a valid ANAB accreditation certificate.

Want to be kept in the loop about more blogs like this, from the ISO 27001 pioneers? Subscribe to our free weekly newsletter: the Security Spotlight.

How to choose a certification body

Your main concern when choosing a certification body will probably be the fee, but you should also consider a few other things.

For a start, make sure the certification body is accredited and has a good reputation within your industry.

Remember: Some certification bodies specialize within certain sectors. That means the auditors might have plenty of experience in, say, the retail sector, but aren’t aware of the specifics of your business.

As a result, you’ll lose time explaining the ins and outs of your organization – an issue you won’t face if you select an auditor well-versed in your industry’s practices.

That’s not to say that the most expensive option is always the best, or that the least expensive is the worst. You’re looking for the knowledge and experience that’s right for your organization.

Looking to reach ISO 27001 certification readiness in just 3–6 months?

Get all the consultancy support you need to implement an ISO 27001-compliant ISMS (information security management system) quickly and cost-effectively.

Our turnkey ISO 27001 FastTrack™ package provides the resources and expertise your organization needs to prepare for and achieve accredited certification to ISO 27001:2022 for a fixed fee.

Here’s what a customer had to say:

Our consultant was always on hand to answer queries and really cared about the end result. He put in an enormous amount of solid effort, so huge thanks to him and the rest of your support team.

We first published a version of this blog in July 2020.