The ISO (International Organization for Standardization) conducts a survey every year to identify trends in certifications to nine of its most popular standards, including ISO/IEC 27001, ISO 22301 and (new this year) ISO/IEC 20000. The survey involves the ISO asking certification bodies that are accredited by members of the IAF (see our earlier blog article for details of how this works) about how many organizations they certified during the year, by standard and by country.
The overall headline for 2015 is a 3% increase in the total number of certificates issued across the board, taking the total worldwide over the one and a half million mark for the first time. That is a modest increase by anyone’s standards, but it masks a number of much more interesting trends.
Let’s look at the main points by standard.
The total number of certified organizations worldwide for ISO/IEC 27001 is now 27,536 – an increase of 20% over 2014 (by far the highest rate of increase since 2010) and a creditable result for a standard that has been around since 2005. Continuing concern over cyber security and the race to the cloud are bound to have contributed to this renewed interest.
Delving deeper into the numbers, however, raises a few interesting nuggets of information. The first is the huge interest in this standard in Japan, which on its own accounts for about 30% of all certifications worldwide and in 2015 experienced a close to 50% increase in the number of certified sites. Strict laws on the protection of personal information contribute to the high level of certification there, and it will be interesting to see if the introduction of the EU General Data Protection Regulation has a similar impact in the West.
Another remarkable increase is in the USA, where 90% more organizations were certified in 2015 than in 2014, rising from 645 to 1247 in that 12-month period. The figures suggest that the information technology sector is by far the main driver for that growth, and this mirrors what we see at CertiKit, with a lot of interest in our toolkits from US cloud service providers.
The United Kingdom is second only to Japan in the level of certification to the ISO/IEC 27001 standard, with 2790 certified organizations reported in 2015, an increase of 24% over the previous year. Again, the information technology sector leads the way.
ISO only started collecting figures for ISO 22301 in 2014, as it’s still a relatively young standard, so it’s only possible to measure trends over the last two years. What this shows, however, is a 78% increase in worldwide certifications to 3133, with most interest in India, the United Kingdom, Japan, Singapore and the Netherlands. The UK has experienced a 19% rise in numbers to 411, with the USA up 42% to 57 certifications.
The information technology sector again dominates the certification list, with 40% of certified organizations being in that business area.
This is the first year that the ISO/IEC 20000 standard has been included in the survey, so the figures only really reflect a starting point for future conclusions. The picture that is presented is that there are 2778 certified organizations, with 40% of these being in Europe. However, India and Japan lead the table in terms of numbers of certifications, with 425 and 299 respectively.
The USA leads the UK with 223 to 197 certified organizations, which ties in with our impressions here at CertiKit that this standard is popular with American technology firms. As expected, information technology is again the dominant industrial sector, with 77% of certified organizations falling into this business category.
The ISO survey only goes so far in terms of the information it collects, but there are perhaps a few straightforward observations we would make based on its data:
We’ll keep you posted when the results for 2016 come out in October 2017.