ISO 27001 Costs
Let’s shed some light on the ISO 27001 costs you can expect. You have 2 lots of cost being
- The cost of implementing ISO 27001
- The cost of the ISO 27001 certification
The costs are going to either be in money to pay someone to do some or all of it for you or in your time.
Implementation Costs
ISO 27001 implementation costs will vary considerably depending on if you employ someone full time, as a contractor or as a consultant. It is our experience that working with a consultant on a fixed price basis is the most cost effective way to implement ISO 27001. The benefits are
- Fixed and know cost
- Often includes all required documentation and policies
If you use a contractor or a full time employee the costs can soon mount up. The main reason being that you are paying for their time irrespective of the outcome. We often see projects that should take 10 days stretch to 3, 6 and even 12 months.
Consultant
Circa £5k to £15k
5 to 15 days duration
Comes with all policies
Track record of deliver and certification
Permanent Staff Member
min £40k per year
6 to 12 months duration
Needs to write all policies
Contractor
£39k to £160k
3 to 12 months duration
Will write all policies
Certification Costs
Certification costs are set by the certification body. To have meaning you will want a UKAS accredited certification. It is worth shopping around. The UKAS website lists all the accredited bodies and can be found here.
Expect to pay £6k to £8k typical as a year 1 cost.