By: Cameron Kline, director, attest services
As an internationally recognized certification, ISO 27001 is one of the most highly regarded and thorough cybersecurity assessments an organization can undergo. Achieving and maintaining an ISO 27001 certification isn’t something organizations can do on their own—it requires the expertise and oversight of accredited auditors. Accreditation serves as a seal of trust and competency, and accredited organizations adhere to rigorous standards. BARR Certifications is proud to be accredited by the ANSI National Accreditation Board (ANAB). In this blog, we’ll explain why using accredited auditors is crucial to the ISO process.
The Accreditation Process
In order to issue ISO certifications with the seal of an accreditation body, accredited auditors undergo a rigorous process, including being audited themselves. As an accredited certification body under the ANAB, BARR Certifications is audited against ISO 17021, 27006, and IAF mandatory documents—all standards and requirements that describe how an ISO audit should be performed.
We also undergo an annual week-long audit process, during which a representative from the accreditation body visits our office, reviews our internal quality management system, and reviews a sample of the ISO 27001 audits that we performed the prior year.
The accreditation body has the authority to remove our accreditation if we do not meet the standards required.
There are dozens of accreditation bodies across the globe, including the ANAB and the United Kingdom Accreditation Service (UKAS). Each of those accreditation bodies is a member of the International Accreditation Forum (IAF) and is held to IAF standards.
Benefits of Choosing Accredited Auditors
Opting for an accredited auditor comes with numerous benefits. Because accredited auditors are subject to continuous oversight, organizations can rest assured that their auditors will adhere to established standards and comply with their own set of strict requirements to ensure an accurate attestation process. Let’s take a look at some of the additional benefits:
The Pitfalls of Non-Accredited Auditors
While organizations can comply with ISO 27001 through non-accredited auditors, the absence of accreditation poses inherent risks. Without an accredited certification body seal, an ISO certification may have less value to stakeholders.
The ultimate shortcoming of using a non-accredited auditor for ISO 27001 is the lack of trust. Because the auditor isn’t subject to an annual audit and rigorous accreditation process, their standards and procedures may not accurately align with established standards—increasing the risk of inadequate assessments and undermining the credibility of the certification process.
Overall, accreditation serves as a testament to not just competence, but also integrity and trust. By choosing accredited auditors, like us at BARR Certifications, organizations can ensure compliance with ISO 27001 and demonstrate a steadfast commitment to securing sensitive information.
Want to learn more about our ISO 27001 services? Contact us today.
About the Author
Cameron Kline
Director, Attest Services
As a Director of BARR’s Attest Services, Cameron Kline serves as the engagement lead for SOC 2 reports. He specializes in technology clients, conducting technology risk assessments, SOC engagements, compliance audits, and IT operational engagements.
Cameron owns the project management aspect of client engagements, ensuring evidence is obtained and documented in a timely manner. He strives to engage and build relationships with all BARR clients and ensures top quality for all clients. Cameron earned a Bachelor of Science in Information Systems and Finance from the University of Maryland.