Getting it right – why UKAS ISO 27001 certification is the way to go

Embarking on the journey towards ISO 27001 certification is an endeavour filled with opportunities for driving business growth and advancement. You may have taken the first step on your ISO 27001 journey and come to understand its numerous benefits, including safeguarding your business, your clients, your reputation and your bottom line. The next step is to understand how your business will get through the process. This involves choosing the right implementation partner and certifying body.

Many of our clients ask the all-important question about a certifying body: ‘Why does the certifying body matter?’ The answer is that you want to ensure your ISO 27001 certification is valid and has been awarded by a properly vetted organisation.

Let’s take a step back to ask another question: how do you know your ISO certification body is credible? When it comes to information security, you want to ensure that you are ISO 27001 certified under UKAS accreditation. In this article we explain what UKAS accreditation means for ISO 27001 and why we strongly recommend using a UKAS accredited ISO certification body.

What is UKAS accreditation?

UKAS is the UK’s National Accreditation Body. It has been appointed by the government to make sure that certifying bodies operating in the UK are up to standard. UKAS regulates the quality of the certification process and the audits to ensure the ISO certification you achieve really does help you put a robust and rigorous system in place to deal with (in the case of ISO 27001) cyber threats.

Once you’ve achieved your ISO 27001 certification, your business will appear on the UKAS website where potential clients and other stakeholders can find you and verify your certificate, adding another level of credibility to your security posture and capabilities.

That said, there are organisations out there offering ISO 27001 (and other) certifications that are not UKAS accredited. The risk of using one of these organisations is that even if you do achieve your ISO certification, it may not be recognised by your customers and stakeholders, which will affect your RFPs, supplier evaluations and client relationships, especially if you work with government or in the public sector, where a UKAS accredited ISO certification is a necessity.

How to get a UKAS accreditation for ISO 27001

The first thing to do is choose your implementation partner. This should be based on their experience with ISO 27001 and with businesses similar to yours. Expertise also plays a huge role. At RightCue we implement information security management systems (ISMSs) according to the rigorous standards that UKAS accredited certification bodies audit against. We have an in-depth understanding of ISO 27001 certification, as well as the broader landscape. Our highly professional team keeps on top of changes and trends, including preparing for the latest versions of the ISO 27001 standard as they are released. We also offer expert consultancy across areas such as:

  • Supply chain risk assessments
  • Security audits for all types of systems
  • Knowledge of industry best practices such as CIS, NIST, as well as ISO 27001
  • Penetration testing
  • Vulnerability assessments
  • Data Privacy and GDPR
  • Knowledge of market leading security tools and solutions
  • Cyber Essentials and Cyber Essentials Plus
  • Cloud security assessments
Choosing a UKAS accredited ISO certification body

The next step in your journey is selecting the right ISO certification body. As mentioned, using a UKAS accredited ISO certifying body means your ISO 27001 certificate will be issued under UKAS accreditation. You should check the credentials of certifying bodies to make sure they are UKAS accredited.

You can also work with your implementation partner to choose an ISO 27001 certification body, because they have the knowledge and expertise not just around the certification bodies and the certification itself, but also around how the process aligns with your business.

We help our customers choose the right certifying body, one that is UKAS accredited. We also look at other factors such as the body’s audit rigour, customer service, cost, location and onsite visits.

How are ISO audit days calculated?

Another consideration, and also a question we regularly hear from our customers, is audit time. Because the number of audit days needed affects your budget and resourcing, customers want to understand how ISO audit days are calculated and how many will be needed.

Audit days are calculated based on the size and complexity of your organisation: the larger and more complex it is, the more days may be needed. Other factors such as the scope of the ISO certification, your processes and industry-specific requirements will also affect the calculation.

However, your number of audit days may be reduced by a few things. Just as a larger and more complex organisation will require more days, a smaller or less complex organisation could mean a reduction in audit time. Another factor is the effective number of staff. This encompasses employed staff and contractors covered by the certification scope, but doesn’t necessarily mean all staff, depending on their roles. Once the relevant staff members have been included or excluded, it is easier to determine the number of days needed. If in doubt, this is something your implementation partner can help you with.

How can RightCue help you on your ISO 27001 UKAS journey?

There are several moving parts in the pursuit of ISO 27001 certification under UKAS accreditation: finding a trusted partner to guide you through the process and dispense valuable advice, identifying a legitimate UKAS accredited ISO 27001 certification body, understanding the process itself, and passing the audit.

At RightCue, we are that trusted partner to a host of organisations that have undergone UKAS accredited ISO 27001 certification, including PRD Technologies, award-winning providers of ‘Intelligent Billing’ software, and legal software firm Zylpha.

We welcome the opportunity to talk to you about your ISO 27001 certification journey and how we can assist. Get in touch with our expert team today.

What our clients think

“We began looking at how to get ISO 27001 certification and CSA Star Level 2. After an extensive search it became clear that while many companies stated they could deliver both, RightCue was the only business that met our requirements.

“The RightCue team were instrumental in the process – to be blunt, if there was no RightCue, we wouldn’t have been able to do this. Their knowledge of controls was outstanding, and they really understood our business.”

IMRAN MUSAWI . SOLIDATUS

“We were keen to develop our IT security to the next level so we could expand our client base as well as giving existing clients further peace of mind. Working with RightCue has been a total pleasure. They are just lovely people and to us they are not only trusted advisors but they feel like part of our extended team.

“Working with RightCue has supported our growth as a business and given us the reassurance we need, knowing that our security and data protection is well developed and managed - that's thanks to RightCue.”

JANINE BISHUN . ACASTER LLOYD CONSULTING LTD

“In early 2021, the ATI established the FlyZero project, with ambitious targets and timeframes. RightCue were involved from the start, contributing ideas and sustainable solutions to keep the project data secure.

“RightCue are so supportive and helpful. They operate almost as a virtual CIO and worked with me on a long-term strategy for IT and security to ensure it remains fit for purpose as the business continues to grow.”

ANN DYSIEWICZ . AEROSPACE TECHNOLOGY INSTITUTE

“Beyond the accreditations, RightCue have caused us to think harder. To develop a maturity for our cyber security – processes and ideas for the future, and to think beyond IT to the business implications. Would I work with RightCue again? Absolutely, without hesitation…”

DAVID BATHO . EXETER COLLEGE

“RightCue helped us to achieve our cyber security accreditations including Cyber Essentials and IASME. But it’s more than that - the protection and management of data is now very much at the centre of our business.

“The RightCue team are absolute stars. Nothing is too much trouble. If you need help with cyber security, you can’t go wrong with RightCue.”

DAN CURTIS-ALLEN . FROST & SULLIVAN

“The team at RightCue worked very closely with our internal team on our ISO 27001 accreditation. They were extremely thorough and rigorous throughout the process, they acted professionally at all times and guided us through each step of the way to attain ISO 27001. I would recommend RightCue to help you achieve your security accreditations.”

SIMON ADAMS . PRD TECHNOLOGIES LTD

“They don’t just do the job and leave. They are at the end of the phone and happy to advise and engage at any time if you need them. If you’re considering Cyber Essentials accreditation, I’d definitely recommend RightCue.”

PAUL AUGUSTUS . ROWANS HOSPICE

“Whilst going for a computer security accreditation is never easy, the team at RightCue made it as painless as possible. They were clearly very knowledgeable and as helpful as they could be, given their role as a certification body…”

RAY SMITH . MUSKETEER SOLUTIONS LTD

“There is no doubt working with RightCue saved me a hell of a lot of time. I didn’t have to spend ages researching solutions. I would say RightCue are a very dependable resource, and are reassuringly competent. A good choice if you’re looking to acquire security accreditations…”

BEN COPE . CREATE IT

“We have been hugely impressed with the team at RightCue. They are very approachable and incredibly knowledgeable... Achieving those accreditations was so much easier by working with an experienced and accomplished team of professionals, such as RightCue…”

SHELLEY HAWLEY . STALIS

“Having confidence in recommending them to our clients has allowed us to concentrate on playing to our strengths.

“All of the RightCue team are very helpful and very willing to go the extra mile. They are very committed to delivering a good service, and that’s why we are always happy to refer them.”

PAUL LLOYD . LLOYD TECHNOLOGY

Get in touch with us

If you would like help with achieving your ISO 27001 accreditation, contact us to find out more about RightCue’s ISO 27001 consultancy services.

Not quite ready to get certified with ISO 27001? Take a look at our Cyber Essentials Plus services for SMEs instead.

+44 (0)1256 260 780
