The ISO annual survey found that certifications for the ISO/IEC 27001 information security management standard reached 12 934 in 117 countries in 2009. This compares with ISO/IEC 27001 certifications of 9246 in 82 countries in 2008. The ISO developed the information security management standard in cooperation with the International Electrotechnical Commission (IEC).
According to the organization, ISO/IEC 27001 “specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system within the context of the organization's overall business risks…. [It] is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.”
In 2009, the top ten countries for ISO/IEC 27001 certifications were Japan, India, the UK, Taiwan, Spain, China, Romania, Italy, the Czech Republic, and Germany. The top region in terms of 2009 certifications was the Far East, followed by Europe, Africa/West Asia, North America, Central and South America, and Australia and New Zealand. The fastest-growing region was Europe with a 64% growth rate, followed by Africa/West Asia with 58%, North America with 52%, Central and South America with 38%, and the Far East with 28%. Australia and New Zealand actually saw a 10% decline in certifications in 2009.
The ISO explained that certification is not a requirement of the ISO standards, but organizations carry out certification because of the perception that an independent confirmation of conformity adds value to the standards.
Overall, the ISO reported one million certifications across all industries. Commenting on the report, ISO Secretary-General Rob Steele said: “For the first time, the new edition is being published on a CD-ROM containing Excel files of the surveys from the first in 1993 up to the end of 2009. Making this data available in one place will facilitate comparison and extrapolation.”