ISO 27001 cannot be used to certify products and services; it is used to certify the processes that support them (e.g. e-mail administration and operation processes).
After getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, the steps for ISO 27001 implementation you should consider are:
1) defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational context and requirements of interested parties;
2) development of risk assessment and treatment methodology;
3) perform risk assessment and define the risk treatment plan;
4) controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
5) people training and awareness;
6) controls operation;
7) performance monitoring and measurement;
8) perform internal audit;
9) perform management critical review; and
10) address nonconformities, corrective actions and opportunities for improvement.
During this process you can select and hire the certification body to perform the certification audit.