When seeking to achieve certification to ISO 27001, organizations should avoid non-accredited certification bodies.
Why? Non-accredited certification bodies typically offer a service that includes both consultancy and certification.
No formally accredited certification body will offer this type of service, as the international ISO framework recognizes the obvious conflict of interest when a single organization assesses its own work while also offering advice/consultancy.
Non-accredited certification bodies (and those that claim to be accredited without the recognized scheme) may not be subject to regular performance, quality, and competence monitoring by a national accreditation body (such as ANSI-ASQ National Accreditation Board (ANAB)).
Additionally, non-accredited certification bodies (and those that claim to be accredited without the recognized scheme) usually do not operate in line with the international standards that set out requirements for certification bodies (e.g. ISO/IEC 17021).
For peace of mind, organizations should look to ANAB. ANAB assesses and accredits certification bodies that audit and certify organizations conforming to management system standards across many industries – from information security and telecommunications to aerospace and food safety.
These are all ANAB-accredited certification bodies for ISO 27001:
- Aprio, LLP
- ISOQAR Inc
- NSAI Inc
- NSF International
- Russian Register
- Schellman & Company, LLC
- SGS SA
- The Standards Institution of Israel, Quality and Certification Division
- SRI Quality System Registrar
- DQS Inc
As this list is subject to change, we recommend that you use ANAB’s directory to confirm that a certification body has a valid ANAB accreditation certificate.
Testing and assessing your information security measures is essential to ascertain whether the controls you have implemented are working effectively. Compliance with the international information security standard ISO 27001 requires continual monitoring and regular reviews of the information security management system (ISMS). An internal audit is an effective measure to assess whether your ISMS is functioning as it should, and one of the requirements for ISO 27001 certification.
In this webinar you will get an overview of the internal audit process under ISO 27001. Leading the webinar is Steve Watkins, chair of the ISO/IEC 27001 User Group – the UK chapter of the ISMS International User Group – and technical assessor for UKAS (the United Kingdom Accreditation Service), advising on its assessments of certification bodies offering accredited certification.
This webinar will cover:
- The requirements for an internal audit and an internal audit program
- The role of the internal auditor and ISMS audits
- Mandatory documents for reviewing an ISO 27001-compliant ISMS
- An evidence-based approach to reporting, identifying, and compiling nonconformities
- Addressing common audit mistakes and challenges