Finding an auditor

From your question is not clear if you are referring to an internal auditor or a certification auditor, so the answer will cover both situations.

The “DIY with expert support” approach does not change the main points you need to consider.

When looking for an auditor to perform an internal audit you should consider:

• the knowledge about your industry
• reputation
• pricing

We are not aware of specific jobs, boards, or professional associations of ISO 27001 internal auditors, so your best approach would be looking for them on professional social networks like LinkedIn, ISO 27001 security group on Google Groups, or organizations which issue certificates for information security professionals like ISC2 or ISACA.

For further information, see:

• Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
• 5 criteria for choosing an ISO 22301 / ISO 27001 consultant https://advisera.com/27001academy/blog/2013/03/25/5-criteria-for-choosing-a-iso-22301-iso-27001-consultant/

When looking for an auditor to perform a certification audit you need in fact to look for a certification body, and for this, there are several factors you should take into account when selecting a certification body, please read this article:

• How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

The main certification bodies for ISO 27001 are:

• BSI: https://www.bsigroup.com
• Bureau Veritas: https://www.dnvgl.com/
• DNV: https://www.dnvgl.com/services?ServiceTypes=136423
• SGS: www.sgs.com/
• TUV: www.tuv.com

You can also find a proper certification body at this link: https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/

You can use this link to enter your profile, and we will find the certification body that best fits your needs.