How much does ISO 27001 cost?


ISO 27001 Shouldn’t Cost the Earth. Go about it the wrong way – it just might.

The costly mistakes that people always make for ISO 27001 and how to avoid them. You must read this before you implement ISO 27001.

What ISO 27001 Costs Are There?

Let’s shed some light on the ISO 27001 costs you can expect. You have 2 lots of cost:

  1. The cost of implementing ISO 27001
  2. The cost of the ISO 27001 certification

The balance is your time versus money.

Either you are going to pay in your time to do it yourself or in money for someone to do it for you.

The number 1 most costly ISO 27001 implementation mistake

The number 1 mistake most people make is not knowing what they need and what their options are.

They get sucked in by fancy marketing.

They believe the hype that it is hard.

They accept the high prices that are bandied around without question.

What is the answer?

It sounds simple, but work out what you actually need.

Fundamentally it will come down to your costs versus your time.

ISO 27001 implementation costs will vary considerably depending on if you do it yourself, employ someone full time, employ a contractor or engage a consultant.

ISO 27001 Implementation Options – A Comparison of Costs

Considering the approaches of doing it yourself, getting a contractor or employing High Table, let us compare typical expected costs side by side.

Option       Cost                Duration         Policies
Consultant   Circa £5k to £15k   5 to 15 days     Comes with all policies; track record of delivery and certification
Employee     Min £40k per year   6 to 12 months   Needs to write all policies
Contractor   £39k to £160k       3 to 12 months   Will write all policies

Implement ISO 27001 Yourself: Save thousands in consulting fees

The cheapest, most cost effective way for a small business to implement ISO 27001 and get ISO 27001 certification is to do it themselves. Most just do not realise that this is an option. It is.

It is not hard.

It is not complicated.

The costly mistake of not doing it yourself?

I am not saying that consultants, contractors or full time employees do not have their place.

They do.

If you use a contractor or a full time employee the costs can soon mount up. The main reason is that you are paying for their time irrespective of the outcome. We often see projects that should take 10 days stretch to 3, 6 and even 12 months.

Of the options for getting help, it is our experience that working with a consultant on a fixed price basis is the most cost effective way to implement ISO 27001. The benefits are:

  • Fixed and known cost
  • Often includes all required documentation and policies

How much does it cost to implement ISO 27001?

You can see that the costs for implementing ISO 27001 range from a few hundred pounds to buy an ISO 27001 templates toolkit with step by step guides to tens of thousands of pounds to get external help.

How much does ISO 27001 certification cost?

ISO 27001 certification costs are set by the certification body. To have meaning you will want a UKAS accredited certification. It is worth shopping around. The UKAS website lists all the accredited bodies.

The costs vary depending on your size and the ‘risk’ the certification body assigns to your business.

For a small business, expect to pay typically £6k to £8k as a year 1 cost.

For a medium size business, expect to pay typically £12k to £18k as a year 1 cost.

You then have ongoing yearly costs.

The number 1 most costly ISO 27001 CERTIFICATION mistake

The number 1 mistake most people make is not shopping around.

An accredited certification is an accredited certification.

Whilst you might believe the hype that they are not in it for profit, they are.

The reality is costs vary wildly.

Do your research.

Get at least 3 quotes.

Choose the Certification Body that meets your finance requirements, your values and your needs.

ISO 27001 Costs FAQ

What ISO 27001 Certification costs are there?

There are several ISO 27001 Certification costs. They are:
1. The cost of the actual ISO 27001 Certification and Taking the Test
2. The cost of implementing ISO 27001 and building your information security management system
3. The cost of running the ISO 27001 Information Security Management System
4. The ongoing annual cost of external certification audit

How much does an ISO 27001 certification cost?

The cost of the ISO 27001 certification audit will be in the region of £6,000 to £12,000 depending on the size of your organisation.

How much does the ISO 27001 ongoing annual external certification cost?

You have a year 1 cost of £6,000 to £12,000.
You have a year 2 and year 3 cost of £2,000 to £5,000.
You then start the process over again and go back to Year 1.

How much does it cost to build and implement ISO 27001?

ISO 27001 implementation costs range from as low as £500 if you do it yourself through to £20,000+ for a fully managed service. You should definitely shop around.

How much is the ongoing cost to run the ISO 27001 information security management system?

There are many factors to consider, but in brief: if you employ someone full time expect to pay £40,000 to £60,000 per year. If you outsource it expect to pay £12,000 to £36,000 per year. If you get an existing staff member to do it expect to pay training fees for them of around £2,000 to £5,000 per year.

How much do online ISO 27001 platforms cost?

Expect to pay a set up fee and an ongoing maintenance fee. Budget for between £10,000 and £20,000 per year in ongoing costs. Be sure to shop around and get quotes.

How much does an ISO 27001 consultant charge?

An ISO 27001 consultant will charge between £12,000 and £60,000 per year depending on what they do for you.

What is an ISO 27001 consultant’s day rate?

An ISO 27001 consultant day rate will range between £400 and £1,500 per day depending on experience.

What is an ISO 27001 consultant’s hourly rate?

An ISO 27001 consultant’s hourly rate will range from £50 per hour to £250 per hour depending on experience.

What is the cost of the ISO 27001 standard?

The actual ISO 27001 standard costs around £150. Shop around.

Can I get ISO 27001 certified for free?

No.

Is it possible to download ISO 27001 for free?

No.

Where can I get free ISO 27001 templates?

There are no free ISO 27001 templates that are any good. Google is your friend but ‘buyer’ beware.

We are a small company, why does ISO 27001 cost so much?

Partly because the ISO 27001 standard has been built in such a way that it excludes small businesses on cost. The ‘official’ framework of certification bodies is bureaucratic and doesn’t take into account the size of your organisation. They work on audit days, not company size. It is not designed to be in your favour but, as they say, it is what it is.

Do different ISO 27001 certification bodies charge different amounts?

Yes. They will tell you that they do not work on a day rate, but they do. As a result, the number of audit days will be fairly consistent between the certification bodies but the rate they charge will differ. The product at the end, the ISO 27001 certification, is exactly the same. In fact they often outsource the certification audit itself to a small pool of independent contractor auditors. This means that irrespective of who you pay you can end up with the same auditor and will get the same product and the same outcomes. Get at least 3 quotes and shop around.


About the Author

Stuart Barker

Stuart is an ISO 27001 Consultant and author of the ISO 27001 Templates Toolkit. Over 20 years he has helped hundreds of organisations with the ISO 27001 standard and getting them ISO 27001 certification with a 100% success rate.
