Not every standard has an accredited certification available. Which brings us back to the claims of being certified against ISO 27017:2015 and ISO 27018:2019. There are currently no accredited certifications being issued for these standards. This is important for companies looking to get certified as well as those who are reviewing suppliers who claim to be certified. There are some companies, not accredited by notable accreditation bodies, that will offer unaccredited certifications against any standard.
In the United States there are currently six certification bodies that are accredited by ANAB. These certification bodies can certify against ISO 27701:2019. However, in some cases certain requirements need to be met. For example, A-LIGN can certify organisations against ISO 27701 as a standalone certification, but there is a requirement to be compliant with ISO 27001. At the moment, certifying against ISO 27017 and ISO 27018 cannot be performed, however they can be treated as an “add on” to the 27001 certification. There is yet to be any real guidance around the ISO 27017 and ISO 27018 certifications. The process behind it will most likely be up to the discretion of the certification body.
On the other hand, in the United Kingdom, UKAS is in in the process of providing the capability for certification bodies to become accredited to provide the ISO 27701 certification to clients. Having that said, clients need to obtain a UKAS accredited ISO 27001 certification prior to pursuing the ISO 27701 certification. Currently there are no certification bodies that are accredited to provide the ISO 27701 under UKAS. However, there are a couple of certification bodies going through the process of becoming accredited. As for the ISO 27017 and ISO 27018, you cannot be UKAS accredited since they consider these to be guidelines and not controls that are certifiable.