ISO 27001 certification is the process of demonstrating to an external auditor from a certifying body that the organisation's ISMS meets the requirements outlined in the standard. Achieving certification requires the completion of an external audit, and ongoing surveillance audits to demonstrate continued compliance with the standard. Organisations that are certified can use the standard as a benchmark for their information security management, and it can also be used to demonstrate the company's commitment to information security to clients, stakeholders and regulatory bodies.