ISO 27001 CERTIFICATION
Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not mandatory. Some organizations choose to implement a standard in order to benefit from the “best practices” it contains, while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed. ISO does not perform certification.
AUDITS (third party)
Certification involves auditing by a third party to check that the system functions effectively and meets ISO 27001 standards. An organization must perform internal audits to check how its Information Security Management System (ISMS) is working. An organization may decide to invite an independent certification body to verify that it conforms to the standard, but there is no requirement for this. Alternatively, it might invite its clients to audit the ISMS for themselves.