A certification body is an accredited organization that conducts ISMS audits against ISO 27001 and issues certificates upon conformity. In Germany, DAkkS accredits certification bodies. The audit process comprises a Stage 1 audit (document review) and a Stage 2 audit (on-site assessment). When selecting a certification body, consider accreditation status, industry experience, and availability. The certification body must be independent of any consulting activities.