How much does ISO 27001 cost?
ISO 27001 Shouldn’t Cost the Earth. Go about it the wrong way – it just might.
What ISO 27001 Costs Are There?
Let’s shed some light on the ISO 27001 costs you can expect. There are two kinds of cost:
- The cost of implementing ISO 27001
- The cost of the ISO 27001 certification
The balance is your time versus money. Either you pay in your time to do it yourself, or in money for someone to do it for you. At High Table we tweak the balance based on your need. We can support you at every point on the scale, from doing it all yourself to having us do it for you.
What are the Implementation Costs?
ISO 27001 implementation costs vary considerably depending on whether you employ someone full time, as a contractor or as a consultant. It is our experience that working with a consultant on a fixed price basis is the most cost-effective way to implement ISO 27001. The benefits are:
- Fixed and known cost
- Often includes all required documentation and policies
If you use a contractor or a full-time employee, the costs can soon mount up. The main reason is that you are paying for their time irrespective of the outcome. We often see projects that should take 10 days stretch to 3, 6 and even 12 months.
Implementation Options – A Comparison of Costs
Considering the approaches of doing it yourself, getting a contractor or employing High Table, let us compare typical expected costs side by side.

High Table
- Circa £5k to £15k
- 5 to 15 days duration
- Comes with all policies
- Track record of delivery and certification

Your own employee
- Min £40k per year
- 6 to 12 months duration
- Needs to write all policies

Contractor
- £39k to £160k
- 3 to 12 months duration
- Will write all policies

We often see companies start by trying to do it themselves. It is a steep learning curve, and writing all of the required documents from scratch is demanding. Then there is the small matter of implementing it and making it work. We have been doing this a long time, with a lot of clients, and our processes, which are based on experience, are honed, efficient and cost effective.
Certification Costs
ISO 27001 certification costs are set by the certification body. To have meaning, you will want a UKAS-accredited certification. It is worth shopping around. The UKAS website lists all the accredited bodies.
Expect to pay typically £6k to £8k as a year 1 cost.