Expert Advice Community

Get the certification

Guest user Created:   Oct 14, 2016 Last commented:   Oct 14, 2016

We are in the middle of an ISO 27001 certification project and we have one technical question. We have developed 100% of the Risk Assessment, the SOA and the Risk Treatment Plan. Our SOA states that we need over 100 controls. We have implemented 60 until today. So, there are 40 controls planned for 2017 in the RTP. Can we get the certification now? Without those 40 controls, but they are planned?

Antonio Jose Segovia Oct 14, 2016

Answer:
Basically our recommendation is that you need to implement controls for major risks, and accept all the other risks that are not treated with controls. So, if you have major risks related to some of these 40 controls, you need to implement them (or accept risks) to avoid problems during the certification audit.

Furthermore, you need to perform all steps related to the implementation of the standard (development of mandatory documents, the management review, the internal audit, corrective actions, etc.). After this, you should get the certification after the treatment of the final findings of the final report.

This article can be interesting for you: “Becoming ISO 27001 certified - How to prepare for certification audit”: https://advisera.com/27001academy/iso-27001-certification/

And also this one: “How to get certified against ISO 27001?”: https://advisera.com/27001academy/blog/2010/02/15/how-to-get-certified-against-iso-27001

And also this one: “Infographic: The brain of an ISO auditor - What to expect at a certification audit”: https://advisera.com/articles/infographic-the-brain-of-an-iso-auditor-what-to-expect-at-a-certification-audit/

Finally, these materials will help you to know more about the certification of ISO 27001:
- free online training: ISO 27001 Foundations Course, https://advisera.com/training/iso-27001-foundations-course/
- book: Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own, https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
