Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends February 29, 2024
Use promo code:
EXAM20

Expert Advice Community

Choosing the right Certification Body for ISO27001 Compliance

  Quote
Jaya Created:   Aug 05, 2022 Last commented:   Aug 25, 2022

Choosing the right Certification Body for ISO27001 Compliance

Dear Team, I have across a certifcation body for my company's ISMS certification. The certification body is accredited by IAS. When i looked at the scope of accredition, the countries of operation is Quatar. I want me US entity to be certified. In this case is it advisable to go with the certification body?

COuld you guide on this.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 09, 2022

From a certification point of view, provided the certification body is accredited, it can be from any country, not only the one from the company to be certified.

However, you also need to check if you have local laws/regulations, or customer contracts, about the country of origin of the certification body.

If you have no legal or contractual limitations, you can get ISO 27001 certified by a certification body from any country.

These materials will provide you with a further explanation about selecting a certification body:

Quote
0 1
Albert Koubov Gonzalez Aug 25, 2022

Hello Jaya.

I would also like to add that you can also consider some more dimensions:

-Do you think it can be beneficial to have the accreditation body to be from the same country as the entity audited (cultural similarities, same language - no language barriers etc)?

Why is this important? Well, maybe the staff at the entity/entities only speaks the local language and don't know other languages, which will be an issue for an external auditor that needs to interview the staff.

-Do you need to conduct onsite interviews or can it be done remotely? If some elements need to be conducted onsite (inspect data centers, inspect physical security controls etc), then perhaps it might be less costly to select an accredited body that is local due to travel costs (accommodation, flights etc) for the external auditors.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 05, 2022

Aug 25, 2022

Suggested Topics