The certification needs to be done by an external entity; you can, however, conduct an internal audit just to make sure you are ready to be certified.
Any third-party (independent professional or company) could do the certification and sign the report, but as the certification is something that will add market value to the certified company (in addition to the internal value), it is generally preferred to choose some recognized (accredited) firm to do it.
Once certification is achieved, organizations can expect to undergo periodic monitoring audits and must reapply for certification every three years.
When choosing a certification body, ensure it is accredited for providing ISO 27001 certifications by an accreditation body recognised in your market. If you are not sure who that is, you can look for a UKAS accredited company, as UKAS accreditations are valid worldwide.
You can’t get certified against ISO 17799 (now ISO 27002). Only ISO 27001 is designed for certification purpose.