We’ve not done ISO 27001 before, therefore how can we find out if they are qualified to audit us and apply for certification?
Basically, does an ISO auditor need certain qualifications? And how do clients know the validity of the ISO 27001 certificate issued by them?
Answer: To obtain an ISO 27001 certification, an organization must be audited by auditors from accredited certification bodies, which are organizations that are compliant with the ISO 17021 standard (Requirements for bodies providing audit and certification of management systems). So, no single auditor can certify an organization regarding ISO management systems. To verify if an organization is accredited to certify ISO 27001 management systems, you should verify with the accreditation body in your country or in the country where the certification body has its headquarters.
Regarding qualifications, yes, an ISO 27001 certification auditor must have certain qualifications, both related to ISO management systems and to the specificities of market industries.