ISO 27001 certifying firm

I'm assuming you are referring to certification bodies that can certificate an ISMS against ISO 27001 standard. Considering that, the main certification bodies for ISO 27001 are:

• BSI: https://www.bsigroup.com
• Bureau Veritas: https://www.bureauveritas.com
• DNV: https://www.dnvgl.com/
• SGS: https://www.sgs.com/
• TUV: https://www.tuv.com

On their pages, you identify if they have offices in your country.

 To help you select a certification body, I recommend these materials:

• How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
• List of Questions to ask an ISO 27001 or ISO 22301 certification body https://info.advisera.com/27001academy/free-download/list-of-questions-to-ask-an-iso-27001-certification-body

Hi Rhand ... I'm now curious, how do you become a ISO 27001 certification body? Do you need to be ISO 27001 certified? What is the process and how much?

The first step in becoming a certification body is to identify the accreditation body in your country and become familiar with the requirements and the accreditation process (the core elements are based on the requirements of ISO/IEC 17021-1 and IAF Mandatory Documents, but other elements may vary according to the accreditation body).

ISO/IEC 17021-1 and IAF Mandatory Documents do not require an organization to be certified against the standard it wants to certify, but this may be a requirement of the accreditation body, so you should consult it.

Regarding costs and fees, these vary according to accreditation bodies and the certification scheme you want to adopt. You should contact your chosen accreditation body for detailed information.

For further information, see:

• Accreditation vs. certification vs. registration in the ISO world https://advisera.com/articles/accreditation-vs-certification-vs-registration-in-the-iso-world/