Which of the following specifies how to do certification by external parties?


Multiple Choice

Which of the following specifies how to do certification by external parties?

Explanation:
Certification by external parties is defined by the ISO/IEC 27000 family because it centers on information security management systems and how an independent body can verify and certify that an organization meets those requirements. Within this family, ISO/IEC 27001 is the key standard that sets the requirements for an ISMS and is the basis for third-party audits and certification. External auditors assess whether the organization has implemented and maintained an ISMS that complies with the standard, then issue a certificate if it does.

The other frameworks focus on different areas: COSO is an internal control framework used to design and evaluate controls within an organization, not a formal path for external certification; COBIT provides IT governance and management objectives, guidance, and maturity models, but it does not specify a formal external certification process against the framework. Because of that, they don't specify how certification by external parties should be done in the same way the ISO/IEC 27000 family does.
