With the increasing digitalization of society, where threats of data breaches and information leaks are growing exponentially, the importance of a structured and effective management of information security has become increasingly apparent. This realization has contributed to organizations prioritizing efforts to ensure the secure management of information, making information security management systems (ISMS) a prominent component among organizations. With the increased demand for this, ISO 27001 certification has emerged as a key strategy for organizations to increase information security. Given the lack of research on this certificate, especially inthe Swedish context, this study aims to investigate what effects small to medium-sized organizations experience after an ISO 27001 certification. Using a qualitative research method, eleven semi-structured interviews were conducted where the results were discussed and compared with previous research in the field. The results indicate that organization experiences a lot of improvements after the ISO 27001 certification, which are both internal and external improvements. The findings show that organizations experience efficiency improvements, improved security and risk management, business benefits, and better customer relations. In addition, the findings also indicate that the certificate is fulfilling its purpose and that organizations are satisfied with the end result and choose to recertify.