
A registrar is a third-party company that is contracted to evaluate an organization's Information Security Management System (ISMS) against the requirements of the ISO 17799 Standard and to issue a certificate. Registrars can be either accredited, through an accreditation body, or unaccredited. There are over 85 registrar groups in the U.S., many of which are international organizations.

The registrar is responsible for interpreting the ISO 17799 Standard, applying it to the company's business situation, and determining whether the company's ISMS conforms to the standard. When there is a lack of conformity to the standard, the registrar documents it as a "nonconformance." The number and severity of nonconformances, or the lack thereof, determine whether a company achieves or maintains certification.



© 2002, Vintara, All Rights Reserved