Price is an important factor in your choice of certifying body for ISO 27001, but certainly not the only one. If you base your decision on price and nothing else, you may end up working with a certification body that has no experience in your field, has a poor reputation, or is not even recognized by your potential customers. Obviously, non-accredited certification bodies shouldn’t even be considered.
We recommend choosing a certification body that brings value to the relationship, and not just pure compliance recognition.
It is also worth considering the brand of the certification body – as a newly certified company you will announce to the world and advertise your new ISO 27001 certification by using the certification body’s logo. Make sure your brand and the certification body’s brand are in harmony.
Competence and experience in your niche and industry are also worth weighing when you choose a certification body to certify your business for ISO 27001. For example, perhaps most of your competitors use the same certifying body, and this may be a pro or a con for your company.
Other things to consider include the local or international nature of the certification body and how this relates to the business being certified; e.g. a large multinational would be well advised to use a large multinational certification body and not a small regional certification body.
The clients of the organisation or business seeking certification may also have a preference for a particular certification body; for example, your clients may require that their subcontractors use the same certification body as they do.
Also to be considered is language; some certification bodies have Maltese speakers among their staff; others are English speaking or serve the Italian market.