Obtaining an ISO 27001 certification costs money. Not only do you have to engage and pay an accredited body for the audit itself, but laying the foundation for the Information Security Management System (ISMS) and implementing the respective security controls can also eat up a good deal of internal resources. It is all the more aggravating if, for all your efforts, you do not pass the audit and all you get is an uncertified ISMS that is worth very little or, worse, nothing.
Any company that wants to undergo an ISO 27001 certification should make sure that its ISMS is audited by an accredited body. This article explains the differences between an accredited and a non-accredited ISMS.