ISO 27001 Certification Statistics

How many companies have certified under ISO 27001? You can find the answer here. So, under 7300 as of mid-August 2011.

Now, in another report from April 2008, there were 4500 certificates. With the distribution: Japan (2550); UK (370);India (430); Taiwan (175); China(110); Germany (90); and then a group of countries (Hungary, Italy, USA, & Korea) at 60.

The distribution remained pretty much the same, with Japan holding more than half of world-wide certifications. Japanese are mad about productivity, so by adopting a standard they accept a set of rules that work.

China made a boost from 110 to almost 500. India made it to almost 530. This two countries are huge producers of security equipments and software developers and the western clients needed assurance about procedures. Reported to the size and populations of this countries the number of certifications is still small so we should expect growth. Taiwan with 430 falls in this category also.

UK is champion of the rest-of-the-world team. It is a financial center and power of Europe, they initiated the standard via BS7799 and they love rules and regulations.

On the other side, US just made it to 100 (Czech Republic has 101). It seems like this standard is not well accepted in the new world. In the US, a major requirement is the Sarbanes-Oxley act, which aligns better with COBIT and ITIL, and thus the poor adoption of ISO 27001.