About CertIndex

Our Mission

CertIndex exists to raise the bar for ISO-certified IT organisations in Australia and New Zealand.

We give buyers, procurement teams, insurers, and anyone evaluating an IT provider a fast, reliable way to verify ISO certifications, without needing to decode PDFs or navigate paywalled, outdated registers.

Our goal is twofold:

  1. Protect decision-makers from misleading claims of ISO certification or alignment that aren’t backed by credible accreditation.

  2. Recognise and reward IT organisations doing the right thing - investing in proper, accredited certification and demonstrating their commitment to best practice.

Why CertIndex Exists

The number of IT organisations claiming ISO/IEC 27001:2022 certification or alignment is growing rapidly. Many cut corners by offshoring their audit to low-cost, low-barrier certification bodies. This undermines the value of ISO standards and creates confusion for buyers who don’t know the difference between JASANZ-accredited certification and unrecognised alternatives.

We built CertIndex to:

  • Provide clarity in an increasingly noisy market.

  • Give procurement teams and government departments a trusted reference point for verifying tender responses.

  • Make it easy to search by location, service area, and certification type - something existing registers don’t offer.

What Makes Us Different

Unlike public registers, CertIndex is designed to be searchable, filterable, and user-friendly.

  • Search by location (e.g. “Melbourne”) and instantly see certified IT organisations that are headquartered there or can service that area.

  • Search by service type to find providers that meet both your operational needs and your compliance requirements.

  • All certifications are verified against JASANZ or other IAF-recognised accreditation bodies before being listed.

  • CertIndex is a boutique register with a focus on Australia and New Zealand.

Verification You Can Trust

Every organisation listed on CertIndex has had its certification status independently verified. We check:

  • Certification number, issue date, expiry date

  • Certification scope and standards covered

  • Certification body and accreditation body

  • Jurisdiction of certification (e.g. Australia, New Zealand, or other IAF-recognised countries)

Verification is conducted by ISO365, a trusted ISO consultancy, using official public registers and direct validation with certification bodies where necessary.

Trusted by Industry Leaders

CertIndex already includes some of the most respected IT organisations across Australia and New Zealand.

Founders’ Story

CertIndex was created out of a growing concern with the state of ISO certification in the IT sector.

Too many organisations claim to be aligned or certified without going through a credible, accredited process. This erodes trust and weakens the role of ISO standards in driving better security and service quality.

As a long-time ISO practitioner, our founder wanted to close the gap:

  • No single public directory existed for verifying certified IT providers.

  • No easy way to search by service location or offering.

  • No way to distinguish between JASANZ-accredited certifications and others that may be technically acceptable but fall short of best practice.

CertIndex fills that gap - helping Australia move toward its 2023–2030 Australian Cyber Security Strategy, and making sure the organisations that do certification right get the recognition they deserve.

Looking Ahead

CertIndex will always be an ISO-first platform. In the future, we may list other recognised standards and attestations, but only for organisations that hold ISO/IEC 27001:2022 certification.

Start Now

Whether you’re a certified IT organisation ready to stand out, or a decision-maker wanting to verify a provider, CertIndex is your trusted reference point.