ISO 27001 Certification in Numbers: The Latest ISO Survey Data

There were 96,709 valid ISO/IEC 27001 certificates covering 179,877 sites worldwide in the ISO Survey 2024 — the latest edition available as of July 2026 — up from 36,362 certificates in the 2019 survey, roughly a 2.7x increase in five years. China leads by a wide margin, information technology is the most-certified sector, and since October 31, 2025 every valid certificate is to the 2022 revision with its 93 Annex A controls.

The headline numbers

The ISO Survey is ISO’s official annual count of valid management-system certificates, and its 2024 edition (published September 2025) is the most recent available as of July 2026. One methodology note belongs next to every year-over-year comparison: 2024 was the first edition compiled from the IAF CertSearch database (76 accreditation bodies, 2,400+ certification bodies) rather than voluntary certification-body reporting, so part of the jump from the 2023 edition reflects better data coverage, not only new certifications — and Germany is understated in the 2024 data.

MetricFigure (ISO Survey 2024)
Valid ISO/IEC 27001 certificates worldwide96,709
Certified sites worldwide179,877
Certificates in the 2019 edition (five years earlier)36,362 (≈ 2.7x growth to 2024)
Certificates in the 2022 edition71,549
ISO 9001, for scale1,474,118 certificates
ISO 14001, for scale676,232 certificates

Source: The ISO Survey of Management System Standard Certifications 2024 (iso.org/the-iso-survey.html), compiled from IAF CertSearch; prior-year figures from the respective earlier ISO Survey editions.

Where ISO 27001 certificates are

By country, per the IAF CertSearch data underlying the ISO Survey 2024 (Germany understated due to a missing accreditation-body dataset):

RankCountryValid certificates (2024)
1China33,359
2India6,758
3Japan6,644
4United Kingdom4,455
5United States4,260

Source: ISO Survey 2024 country data (IAF CertSearch basis). Sector reporting is incomplete in the survey — among certificates that do report a sector, information technology ranks first by a wide margin.

Every valid certificate is now ISO/IEC 27001:2022

ISO/IEC 27001:2022 was published on October 25, 2022, and under IAF MD 26 the transition window from the 2013 revision closed on October 31, 2025 — certificates still on ISO/IEC 27001:2013 expired or were withdrawn at that date. Practically, that means any organization holding a valid ISO 27001 certificate today is certified against the 2022 revision: 93 Annex A controls in four themes (organizational, people, physical, technological), with the management-system requirements in clauses 4–10 and a Statement of Applicability covering all 93 controls.

For anyone building an ISMS now, that removes a common point of confusion: there is no choice of revision to make. Documentation, risk registers and the SoA should be written to the 2022 control set from day one.

What about ISO/IEC 42001 (AI management)?

ISO/IEC 42001:2023 — the certifiable AI management system standard — is not yet tracked in the ISO Survey (the 2024 edition covers 16 standards, and 42001 is not among them), and no official worldwide certificate count exists as of July 2026. The standard was published in December 2023 and the first accredited certification programs launched in 2024, so it is early: organizations certifying now are ahead of the reporting, not behind it. Any specific global count you see quoted for ISO 42001 certificates currently has no official source.

Frequently asked questions

How many ISO 27001 certificates are there worldwide?
96,709 valid ISO/IEC 27001 certificates covering 179,877 sites, per the ISO Survey 2024 — the latest edition available as of July 2026. Note the survey switched to IAF CertSearch data in 2024, so comparisons with earlier editions partly reflect improved coverage.
Which countries have the most ISO 27001 certificates?
China leads by a wide margin with 33,359 valid certificates in the ISO Survey 2024, followed by India (6,758), Japan (6,644), the United Kingdom (4,455) and the United States (4,260). Germany is understated in the 2024 data because one national accreditation dataset was missing.
Is ISO 27001 certification growing?
Yes. The ISO Survey counted 36,362 valid certificates in 2019, 71,549 in 2022 and 96,709 in 2024 — roughly 2.7x growth in five years. The 2024 figure benefits from a more complete data source (IAF CertSearch), but the underlying trend across editions is consistent growth.
Is ISO 27001:2013 still valid?
No. Under IAF MD 26, certificates to ISO/IEC 27001:2013 expired or were withdrawn by October 31, 2025. Every valid ISO 27001 certificate today is against the 2022 revision — 93 Annex A controls in four themes, with an updated Statement of Applicability.
How many ISO 42001 certificates exist?
No official count exists as of July 2026. ISO/IEC 42001 is not yet included in the ISO Survey, and accredited certification only began in 2024. Treat any specific worldwide number you encounter as unsourced.

Related guides: ISO/IEC 27001 · ISO 42001

Toolkits that help

ISO/IEC 27001:2022

ISO 27001 Complete Toolkit

All 24 policies and procedures plus the risk register, 93-control Statement of Applicability and audit evidence checklist — audit-ready from day one.

$9930% off · auto-appliedView toolkit
ISO/IEC 27001:2022

ISO 27001 Policy Pack — Core

16 editable ISO/IEC 27001:2022 policies plus the full 93-control Statement of Applicability — everything a small business needs to start its ISMS.

$5930% off · auto-appliedView toolkit
ISO 27001:2022 + SOC 2

ISO 27001 + SOC 2 Dual Toolkit

47 documents covering both frameworks plus a control crosswalk, risk register, Statement of Applicability and TSC mapping — run one security program, pass two audits.

$14930% off · auto-appliedView toolkit
ISO/IEC 42001:2023 AI Management System

ISO 42001 AI Management System Toolkit

14 editable ISO/IEC 42001:2023 policies and procedures — impact assessments, AI lifecycle, data governance, third-party AI — plus the Annex A Statement of Applicability, an AI risk register, and an audit evidence checklist.

$9930% off · auto-appliedView toolkit

Related articles

← All articles

Professional editable templates — general information only, not legal, audit, tax, or certification advice, and no professional or advisory relationship is created. No purchase makes an organization compliant or certified. Review each document with qualified counsel, your compliance professional, or your auditor before relying on it. ISO, IEC, SOC 2, AICPA, HIPAA, NIST, GDPR, the EU AI Act, IRS and FTC are referenced descriptively only; ComplianceDocs (ExpertEngine LLC) is independent and is not affiliated with, endorsed by, or certified by any standards body, regulator, or audit firm.