An independent guide

Choosing a UKAS-accredited certification body

Your certificate is only as credible as the body that issues it. We are consultants, not certifiers, and we sell nothing on this page: just the criteria that actually separate certification bodies, and the traps in the cheap quotes.

The four criteria

What actually separates certification bodies

3D illustration of UKAS accreditation

UKAS accreditation, non-negotiable

UKAS is the UK's national accreditation body; its logo on a certificate is what enterprise due diligence teams check for. Non-accredited certificates are cheaper, faster and routinely rejected by exactly the customers you certified for.

3D illustration of sector experience

Auditors who know your sector

A certification body with assessors experienced in your industry runs smoother audits and asks sharper questions. Ask who would audit you, not just which company.

3D illustration of transparent day-rate pricing

Transparent day-rate pricing

Audits are priced in auditor days against ISO 27006 minimums. A quote should show the day count and the rate; a single opaque number makes surveillance-year costs a surprise.

3D illustration of audit lead times

Lead times that fit your deadline

Popular bodies book Stage 1 slots months out. If a contract deadline is driving your certification, the certification body's diary is on the critical path from day one.

The trap worth naming

Why the cheapest certificate is the expensive one

ISO 27006 sets minimum auditor-day counts for accredited audits, which is why genuine UKAS quotes cluster around similar figures for similar organisations. A quote at a fraction of the going rate is almost always a non-accredited scheme, and its certificate fails at the exact moment it is needed: inside a customer's due diligence review.

The market rates, day counts and surveillance costs are itemised on our cost page, so you can recognise a sound quote when you see one.

Our role, plainly

We shortlist bodies that fit your sector, deadline and budget, brief you for the choice, and prepare you for whoever you pick. The commercial relationship with the certification body is always directly yours; our fee never depends on which body you choose. That separation is what lets this page be blunt.

Quick answers

Certification body questions, answered

Who can issue an ISO 27001 certificate?

Any certification body can issue a certificate; the ones worth having come from bodies accredited by UKAS in the UK (or an equivalent national accreditation body elsewhere). Accreditation means the certifier is itself audited against ISO 27006. CyPro is not a certification body, which is deliberate: we prepare you, and the assessment stays independent.

How do I check whether a company's ISO 27001 certificate is genuine?

Ask which certification body issued it and check the certificate number with that body; most accredited bodies run public verification. Check the certification body itself against the UKAS directory. A certificate from an unaccredited issuer is a marketing asset, not assurance.

Which certification body should we choose?

The one whose accreditation, sector experience, pricing shape and diary fit you, which differs by organisation. Because we do not certify, we can compare bodies on your behalf without a conflict: that comparison is part of every readiness engagement, and you always hold the relationship with your chosen body directly.

Can we change certification body later?

Yes. Certificates can be transferred between accredited bodies, usually at a surveillance point, without redoing certification from scratch. It is worth knowing at selection time purely because it lowers the stakes: a good-enough choice now is not a lifetime commitment.

3D rocket illustration for booking a free ISO 27001 scoping call

Choosing this month?

Get an independent read on your shortlist

Bring your quotes to a free 45 minute call and we will translate them into day counts, accreditation status and surprises. No stake in the outcome.