What is the difference between unaccredited certifications and accredited? Why would I want a fully accredited ISO certification?
Typically, an organization may pursue any of the following three levels of ISO compliance:
ISO Compliant means your organization is managing its information systems in accordance with International Organization for Standardization (ISO) standards. This is a self-designated level of compliance; it is not necessarily evaluated by a third party. It is often a good starting point for companies looking to mature their information security controls, but it is not a marketable designation.
ISO Certified means your organization has been reviewed by a third-party certification body, but not an accredited body with ISO-recognized qualifications. This can be of limited use because your company cannot use the standard ISO markings on your website and marketing materials – that is reserved for accredited ISO certifications performed by accredited certification bodies.
Accredited ISO Certifications may only be issued by accredited ISO Certification Bodies. These accredited certification bodies have been subject to an accreditation process by an ISO-authorized local accreditation body. To gain that accreditation, the certification body must fulfil certain requirements for impartiality, competence, and confidentiality. Once your organization is audited and approved by the accredited certification body, you can display the ISO-certified logo on your website and marketing materials. Your stakeholders can be sure that your ISO certification has integrity.
Accredited certification not only establishes your compliance during your initial audit; it also establishes a relationship and an ongoing program with your chosen certification body. The certification body handles ongoing compliance requirements and audit scheduling, making it a convenient way to maintain compliance for years to come.