Choosing the right Certification Body for ISO27001 Compliance

From a certification point of view, provided the certification body is accredited, it can be from any country, not only the one from the company to be certified.

However, you also need to check if you have local laws/regulations, or customer contracts, about the country of origin of the certification body.

If you have no legal or contractual limitations, you can get ISO 27001 certified by a certification body from any country.

These materials will provide you with a further explanation about selecting a certification body:

• List of Questions to ask an ISO 27001 or ISO 22301 certification body https://info.advisera.com/27001academy/free-download/list-of-questions-to-ask-an-iso-27001-certification-body
• Accreditation vs. certification vs. registration in the ISO world https://advisera.com/blog/2016/02/29/accreditation-vs-certification-vs-registration-in-the-iso-world/

Hello Jaya.

I would also like to add that you can also consider some more dimensions:

-Do you think it can be beneficial to have the accreditation body to be from the same country as the entity audited (cultural similarities, same language - no language barriers etc)?

Why is this important? Well, maybe the staff at the entity/entities only speaks the local language and don't know other languages, which will be an issue for an external auditor that needs to interview the staff.

-Do you need to conduct onsite interviews or can it be done remotely? If some elements need to be conducted onsite (inspect data centers, inspect physical security controls etc), then perhaps it might be less costly to select an accredited body that is local due to travel costs (accommodation, flights etc) for the external auditors.